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DIRECTOR’S  FOREWORD 

The  pattern  of  change  that  has  marked  the  development  and  use  of  information 
technology  over  the  past  few  decades  continues  today.  Changes  in  the  tech- 
nology itself,  in  the  management  of  the  technology,  and  in  the  supporting  infra- 
structure for  the  technology  are  having  profound  influences  on  many 
organizations’  activities.  This  report  on  the  Computer  Systems  Laboratory 
(CSL)  in  1991  discusses  our  work  to  assist  private-  and  public-sector  organiza- 
tions in  managing  these  changes  for  the  benefit  of  their  customers  and 
programs. 

CSL  at  the  National  Institute  of  Standards  and  Technology  (NIST)  is  re- 
sponsible for  developing  standards,  guidelines,  and  test  methods,  and  for  pro- 
viding research  and  technical  assistance  on  computer  and  related 
telecommunications  systems.  In  conjunction  with  users  and  industry,  CSL  is 
addressing  the  development  of  standards,  information  technology  architec- 
tures, and  conformance  tests  needed  to  improve  information  management  in 
this  decade. 

In  the  1990s,  we  can  expect  that  changes  in  technology  will  result  in  many 
more  activities  being  automated,  decentralized,  and  distributed  geographically 
throughout  the  enterprise.  Increased  processing  power,  faster  data  networks, 
high-capacity  data  storage,  expert  systems,  and  neural  networks  are  some  of 
the  technologies  that  will  be  available. 

To  manage  the  technology,  organizations  are  paying  greater  attention  to  the 
strategic  value  of  information  systems.  Information  technology  architectures 
are  being  refined  and  changed  to  focus  on  support  to  the  business  of  the  enter- 
prise. Some  organizations  are  responding  to  change  and  their  need  to  stay 
competitive  by  turning  over  their  computing  and  telecommunications  systems 
to  sendee  providers  to  run  for  them. 

“Open  computing  systems”  have  become  a requirement  of  many  users. 

Users  are  looking  to  open  systems  to  provide  increased  flexibility,  more  choices, 
and  capabilities  to  do  new  functions.  Open  systems  have  been  defined  in  many 
ways,  but  from  the  user’s  perspective,  open  systems  allow  organizations  to 
develop  integrated  systems  composed  of  computer  and  communications  prod- 
ucts that  are  acquired  from  a variety  of  sources,  and  to  move  applications  soft- 
ware developed  for  different  systems  from  one  system  to  another.  In  the  past, 
it  has  not  been  possible  to  do  this  as  the  users  were  locked  into  a specific  ven- 
dor(s).  Today  no  single  vendor  can  supply  the  systems  to  meet  the  broad  diver- 
sity of  user  requirements. 

Standards  have  never  been  more  important,  but  many  of  the  needed  standards 
for  open  systems  are  not  available.  Those  standards  that  are  available  come 
from  a variety  of  sources  and  are  often  not  totally  integrated  or  well  defined. 
Some  standards  are  being  developed  by  national  and  international  standards 
groups;  some  are  being  established  by  vendors  working  together;  and  others 
are  being  created  through  the  marketplace. 


Trusted  Technology 
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To  get  the  needed  standards,  users  are  beginning  to  identify  their  common 
requirements  for  open  systems.  This  past  year,  for  example,  the  Standards  for 
Open  Systems  group,  comprised  of  information  technology  executives  of  Ameri- 
can Airlines,  DuPont,  General  Motors,  Kodak,  McDonnell  Douglas,  Merck,  Mo- 
torola, 3M,  Northrop,  and  Unilever  agreed  that  they  had  a common  need  to 
accelerate  the  commercial  availability  of  open  systems  based  on  vendor-neutral 
standards.  The  group  developed  an  influential  statement  of  strategic  direction 
calling  for  products  based  on  open  systems  specifications. 

Requirements  for  open  systems  are  arising  in  other  parts  of  the  world  as 
well.  Governments  such  as  the  UK  and  Canada,  the  Commission  of  the 
European  Community,  and  an  international  group  representing  government 
procurement  authorities  are  spearheading  efforts  to  adopt  open  systems  archi- 
tectures. Worldwide  acceptance  and  commitment  to  open  systems  will  be  es- 
sential in  stimulating  the  development  of  cost-effective  products  and  in 
providing  worldwide  markets  for  U.S.  computer  vendors. 

Last  year,  we  established  a Federal  Open  System  Users  Council  (FOSUC)  as 
a forum  for  federal  organizations  concerned  with  open  systems  issues.  FOSUC 
members  identified  their  high-priority  standards-related  issues  affecting  agency 
missions  and  application  areas.  The  issues  included:  electronic  mail  and  elec- 
tronic data  interchange  applications:  implementation,  migration,  and  expan- 
sion of  the  Government  Open  Systems  Interconnection  Profile  (GOSIP);  and 
data  management  and  storage. 

Open  systems  are  becoming  part  of  the  strategies  of  many  agencies,  espe- 
cially the  Department  of  Defense  which  has  implemented  a Corporate  Informa- 
tion Management  program  to  improve  the  development,  acquisition,  and 
operations  of  information  technology  systems.  A memorandum  in  May  1991 
signed  by  Paul  A.  Strassmann,  Director  of  Defense  Information,  said:  ‘The  De- 
partment is  committed  to  establishing  an  open  systems  environment  for  its  in- 
formation systems.  This  open  systems  environment  will  have  a technical 
architecture  based  exclusively  on  Federal  standards  for  open  systems.” 

Open  systems  reflect  dramatic  shifts  in  the  computer  industry  and  in  user 
options,  and  will  continue  to  be  a focus  of  our  programs  over  the  next  few 
years.  We  will  be  concentrating  on  the  standards  and  specifications  needed  to 
give  users  flexibility  in  the  development  of  systems,  and  in  planning  for  the  mi- 
gration to  open  systems. 

Another  important  area  is  the  development  of  standards  and  technology  to  pro- 
tect information  from  unauthorized  modification,  undetected  loss,  and  un- 
authorized disclosure.  Our  computer  security  activities  are  covered  in  detail  in 
this  report,  but  I wanted  to  highlight  a new  collaborative  effort  with  the 
National  Security  Agency  (NSA)  and  industry  users  to  develop  a federal  stan- 
dard for  specifying  computer  security  requirements  in  open  systems  environ- 
ments, including  distributed  applications  such  as  Electronic  Data  Interchange 
(EDI).  This  work  draws  on  the  current  Trusted  Computer  System  Evaluation 
Criteria  ("Orange  Book")  developed  by  NSA. 
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Trusted  systems  are  the  computer  and  network  systems  that  have  security 
controls  built  into  products,  and  have  been  used  for  some  time  to  protect  the 
confidentiality  of  data.  The  new  criteria  will  extend  the  concept  of  trusted  tech- 
nology to  include  other  protective  mechanisms:  assuring  the  integrity  of  data 
and  processes:  controlling  access  to  network  services,  customer  equipment, 
and  data;  and  assuring  the  availability  of  data,  systems,  applications,  and  ser- 
vices for  processing  when  needed. 

Also  important  over  the  next  few  years  will  be  research  and  development  efforts 
for  advanced  computers,  high-capacity  and  high-speed  networks,  and  elec- 
tronic data  bases.  This  activity  is  supported  by  the  High  Performance  Comput- 
ing Act  of  1991  and  the  High  Performance  Computing  and  Communications 
Program  of  the  Office  of  Science  and  Technology  Policy.  Planned  as  an  inter- 
agency activity  with  close  cooperation  between  federal  agencies,  industry  and 
academe,  this  activity  is  expected  to  accelerate  the  commercial  availability  of 
the  next  generation  of  high-performance  computers  and  networks. 

Total  Quality  Management  programs  establish  a goal  of  customer  satisfaction 
which  can  be  applied  to  an  organization’s  internal  operations  and  the  support 
that  the  organization’s  information  systems  give  to  programs  and  operations. 
Information  managers  can  contribute  to  the  quality  process  by  understanding 
their  customer’s  needs  and  developing  improvement  programs  for  their  activi- 
ties to  advance  the  business  of  the  organization. 

Just  as  information  managers  need  to  listen  to  their  customers,  so  does  CSL 
need  to  listen  to  its  customers.  I believe  that  interactions  between  users,  ven- 
dors, and  the  government  on  open  systems,  security,  high-performance  com- 
puting, and  other  issues  will  be  beneficial  to  all  of  us,  and  I invite  a continuing 
dialogue. 
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OVERVIEW  OF  COMPUTER  SYSTEMS 
LABORATORY 

As  one  of  the  major  science  and  engineering  research  components  of  the 
National  Institute  of  Standards  and  Technology  (NIST),  the  Computer  Systems 
Laboratory  (CSL)  plays  a significant  role  in  supporting  government  and  in- 
dustry by  advancing  the  development  and  implementation  of  computer  and  tele- 
communications systems  technology.  CSL  programs  and  research  are 
mandated  by  the  Brooks  Act  (Public  Law  89-306),  the  Computer  Security  Act  of 
1987  (Public  Law  100-235),  and  the  Omnibus  Trade  and  Competitiveness  Act 
of  1988  (Public  Law  100-418). 

CSL  develops  standards,  guidelines,  and  test  methods  for  computer  systems 
and  networks,  conducts  research,  and  provides  assistance  and  advisory  ser- 
vices to  the  information  systems  communities  of  the  federal  government  and  in- 
dustry. The  goal  of  these  activities  is  to  provide  application  portability, 
interoperability,  and  security  across  different  systems  and  networks,  and  to  ad- 
vance the  development  and  use  of  high-performance  computer  and  communica- 
tions capabilities.  CSL  programs  support  key  Department  of  Commerce  goals 
of  promoting  international  trade,  speeding  commercialization  of  new  technolo- 
gies, and  providing  technical  leadership  in  the  development  of  new  standards 
and  measurement  methods. 

CSL  supports  the  development  of  technology  and  standards  for  open  systems,  a 
common  vision  of  users  in  both  public  and  private  sectors.  No  single  vendor  is 
able  to  supply  the  systems  to  meet  the  diversity  of  user  requirements.  Enter- 
prise-wide needs  for  common  application  architectures,  communications,  and 
networks  are  moving  organizations  away  from  proprietary  systems  and  stand- 
alone applications  of  computers  to  greater  integration  of  functions  and  in- 
creased exchanges  with  external  organizations.  Users  need  off-the-shelf 
hardware,  software,  and  telecommunications  products  that  will  interoperate, 
and  the  ability  to  move  data,  applications,  and  people  skills  from  one  system  or 
environment  to  another. 

To  support  the  development  and  implementation  of  complex  open  computer 
systems  and  networks,  CSL  continued  its  laboratory-based  research  programs 
focusing  on  computer  security,  software  engineering,  data  management,  data 
communications,  and  advanced  systems.  The  development  of  test  and  meas- 
urement methods  to  evaluate  conformance  of  products  to  standards  and  the  in- 
teroperability of  the  many  components  in  today’s  computer  systems  remain  a 
high  priority.  Transferring  technology  to  government  and  industry  completes 
the  research  cycle. 
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Interactions  with 
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Computer  Security. 


Organization  and 
Resources. 


Providing  advice  and  assistance  to  the  public  and  private  sectors  remained  an 
important  part  of  CSL’s  mission.  Many  organizations  sought  technical  solu- 
tions to  complex  problems  in  a broad  range  of  computer  and  telecommunica- 
tions program  areas.  Some  collaborations  continued  from  previous  years, 
while  other  cooperative  ventures  were  initiated  during  1991.  Collaborative  ef- 
forts benefit  all  organizations  involved,  and  significantly  advance  the  trend 
away  from  proprietary  products  and  services  to  an  open  systems  environment. 

Open  systems  must  also  be  secure  systems.  The  Computer  Security  Act  of 
1987  strengthened  and  reaffirmed  CSL’s  role  in  protecting  vital  data  in  federal 
computer  systems  and  networks.  Activities  of  our  computer  security  program 
included  proposed  and  revised  Federal  Information  Processing  Standards 
(FIPS),  guidance  on  computer  security  topics,  and  visits  to  federal  agencies 
with  the  Office  of  Management  and  Budget  and  the  National  Security  Agency  to 
gain  management  support  for  computer  security.  Other  activities  included 
training,  publications,  conferences,  and  sponsorship  of  the  Federal  Computer 
Security  Program  Managers  Forum  and  the  Computer  System  Security  and 
Privacy  Advisoiy  Board  established  by  the  legislation. 

CSL's  work  is  carried  out  in  five  technical  divisions:  Information  Systems  En- 
gineering Division,  Systems  and  Software  Technology  Division,  Computer  Secu- 
rity Division,  Systems  and  Network  Architecture  Division,  and  Advanced 
Systems  Division.  Our  professional  staff  consisted  of  computer  scientists,  com- 
puter specialists,  electrical  and  electronic  engineers,  and  mathematicians. 
Staffing  resources  in  FY  1991  included  231  full-time-equivalent  employees  of 
which  75%  were  professional  and  technical  staff  and  25%  were  administrative 
support  personnel.  In  addition  to  CSL  staff,  about  26  research  associates, 
guest  scientists,  and  faculty  appointments  enhanced  our  research  program.  A 
total  of  41  cooperative  research  projects  with  government,  industry,  and  aca- 
demia were  in  place  in  FY  1991. 

Funding  for  CSL  programs  in  FY  1991  consisted  of  $12.3  million  from  the 
NIST  Congressional  appropriation  (STRS),  including  $.7  million  in  NIST-sup- 
ported  competency  funding  and  $14.4  million  in  reimbursable  funds,  mostly 
for  direct  technical  assistance  from  other  federal  agencies.  About  37  organiza- 
tions in  government  and  industry  received  reimbursable  technical  support  from 
CSL  in  FY  1991.  The  Department  of  Defense,  the  General  Services  Administra- 
tion, and  the  National  Aeronautics  and  Space  Administration  are  representative 
of  federal  agencies  that  used  our  resources  to  solve  technical  problems. 
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Sharing  Information 
and  Technology. 


Sharing  information  and  technology  with  government,  business,  academia,  and 
the  public  is  a primary  goal  of  our  organization.  CSL  publishes  a variety  of 
documents  including  FIPS,  guidelines,  computer  systems  and  computer  secu- 
rity reports  on  research  and  tests,  a quarterly  “CSL”  newsletter,  and  a CSL  bul- 
letin series  published  about  eight  times  a year  on  specialized  topics  of  interest 
to  the  information  systems  community.  See  the  Technology  Transfer  section 
for  a list  of  FIPS  and  other  publications  currently  available  for  sale  through  the 
Government  Printing  Office  (GPO)  or  the  National  Technical  Information  Service 
(NTIS).  A variety  of  conferences  and  workshops  are  sponsored  and  hosted  by 
CSL  throughout  the  year,  and  our  staff  members  are  invited  to  address  many 
federal  and  private  organizations. 

CSL  maintains  four  electronic  bulletin  boards  to  share  information  with  com- 
puter users  with  dial-up  capability.  Bulletin  boards  offer  information  on  com- 
puter security,  data  management.  Open  System  Interconnection  (OSI) 
activities,  and  Integrated  Services  Digital  Network  (ISDN).  Instructions  for  ac- 
cessing bulletin  boards  appear  in  Technology  Transfer. 

Technical  highlights  of  our  five  divisions  follow. 
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SELECTED  STAFF  ACCOMPLISHMENTS 
FY  1989  - FY  1991 

Department  of  Commerce  awards  for  major  contributions  to  Department 
programs  were  presented  to: 

Allen  L.  Hankinson  - Silver  Medal  (1991) 

David  K.  Jefferson  - Silver  Medal  (1991) 

Roger  J.  Martin  - Silver  Medal  ( 1 989) 

Miles  E.  Smid  - Silver  Medal  (1989) 

Barbara  L.  Blickenstaff  - Bronze  Medal  (1990) 

David  E.  Cypher  - Bronze  Medal  (1991) 

Gary  E.  Fisher  - Bronze  Medal  (1991) 

J.  Elaine  Frye  - Bronze  Medal  (1989) 

Irene  E.  Gilbert  - Bronze  Medal  (1991) 

David  R.  Kuhn  - Bronze  Medal  (1990) 

Candice  E.  Leatherman  - Bronze  Medal  (1989) 

Charles  L.  Sheppard  - Bronze  Medal  (1990) 

Joan  M.  Sullivan  - Bronze  Medal  (1989) 

David  Hui-Yang  Su  - Bronze  Medal  (1989) 

Janies  H.  Burrows  was  awarded  the  1991  IRM  Leadership  Award  by  the  Asso- 
ciation for  Federal  Information  Resources  Management  (AFFIRM). 

James  H.  Burrows  received  the  1991  Federal  Office  Systems  Exposition  (FOSE) 
Award  for  leadership  in  standards  development  for  computing,  telecommunica- 
tions, and  computer  security. 

James  H.  Burrows  received  the  Distinguished  Presidential  Rank  Award  for  ex- 
tended exceptional  performance  in  government. 

James  H.  Burrows  was  inducted  into  the  Government  Computer  News  Hall  of 
Fame. 
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James  H.  Burrows,  Dennis  K.  Branstad,  Kevin  L.  Mills,  and  Shukri  A. 

Wakid  received  Federal  100  awards  from  Federal  Computer  Week  for  significant 
contributions  to  the  government  systems  community  in  1990. 

James  H.  Burrows,  Allen  L.  Hankinson,  and  Dennis  D.  Steinauer  received 
the  Federal  100  Reader’s  Choice  Awards  from  Federal  Computer  Week  for  1989. 

F.  Lynn  McNulty,  Patricia  Edfors,  Edward  Roback,  Vicky  Howard,  and  Ar- 
lene Carlton,  Office  of  the  Associate  Director  for  Computer  Security,  were  rec- 
ognized by  Government  Workplace  for  their  govemmentwide  efforts  in 
promoting  effective  computer  security  management. 

Allen  L,  Hankinson  was  elected  to  the  UniForum  Board  of  Directors  for  a two- 
year  term  beginning  July  1,  1991. 

Kevin  L.  Mills  received  the  Interagency  Committee  on  Information  Resources 
Management  1991  Award  for  Management /Administrative  Excellence  for  effec- 
tive leadership  in  the  federal  systems  community  in  advancing  the  acceptance 
of  Open  Systems  Interconnection  (OSI)  standards. 

Kevin  L.  Mills  was  elected  as  a senior  member  in  the  Institute  of  Electrical  and 
Electronics  Engineers  (IEEE). 

Kevin  L.  Mills  was  appointed  to  represent  CSL  on  the  new  Federal  Networking 
Council. 

Robert  Rountree  Jr.  has  been  elected,  for  a three-year  term  beginning  in 
1991,  Chair  of  JTC1  TAG,  the  American  National  Standards  Institute  (ANSI) 
technical  advisory  group  for  the  international  standards  committee  ISO/IEC 
Joint  Technical  Committee  1 (Information  Technology). 

Michael  D.  Hogan  has  been  elected  Vice  Chair  of  the  Information  Systems 
Standards  Board  (ISSB)  for  a two-year  term  beginning  in  1992. 

Donna  Harmon  and  Gerald  Candela  received  the  1990  R&D  100  Award  from 
Research  & Development  magazine  for  a fast  information  retrieval  system. 

Donna  Harmon  and  Gerald  Candela  were  the  recipients  of  the  1991  Journal  of 
the  American  Society  for  Information  Science  (JASIS)  Best  Paper  Award  for  “Re- 
trieving Records  from  a Gigabyte  of  Text  on  a Minicomputer  Using  Statistical 
Ranking.” 

Robert  J.  Carpenter,  Alan  Mink,  George  Nacht,  and  John  Roberts  received 
the  Allen  V.  Astin  Measurement  Science  Award  for  their  contributions  to  the 
science  of  measuring  the  performance  of  multiprocessor  computer  systems. 
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Roger  J.  Martin  received  the  Interagency  Committee  on  Information  Resources 
Management  Award  for  Technical  Excellence  in  1989  for  outstanding  contribu- 
tions to  the  federal  information  resources  management  community. 

Miles  E.  Smid  received  the  Award  for  Technical  Excellence  from  the  Inter- 
agency Committee  on  Information  Resources  Management  in  1990  for  his  con- 
tributions to  the  federal  information  resources  management  community, 
particularly  in  computer  security. 

Leonard  J.  Gallagher  received  the  Interagency  Committee  on  Information  Re- 
sources Management  Award  for  Technical  Excellence  in  1989  for  outstanding 
contributions  to  the  federal  information  resource  management  community. 

Miles  E.  Smid  received  the  Commissioner’s  Citation  from  the  Department  of 
the  Treasury  in  1989  for  outstanding  contributions  to  Treasury  payments 
systems. 

Mark  Skall  was  reappointed  to  the  National  Computer  Graphics  Association 
Board  of  Directors. 

Gordon  Lyon  was  appointed  Chairman  of  the  NIST  Research  Advisory  Com- 
mittee for  1991. 

Leonard  J.  Gallagher  was  selected  by  the  Oracle  Corporation  in  1990  as  the 
grand  prize  winner  of  its  “Unleash  the  Genius"  contest  for  his  implementation 
of  a hypertext  query  facility. 

Edward  Roback  received  an  Unsung  Hero  in  Computer  Security  Award  by  Fed- 
Security  ’9 1 and  Federal  Computer  Week. 

Henry  Tom  was  elected  as  the  government  representative  on  the  Board  of 
Directors  of  the  National  Computer  Graphics  Association. 

Fernando  L.  Podio  is  chairman  of  the  NIST/NASA  Working  Group  for  the 
Development  of  Test  Methods  and  Specifications  for  356  mm  Ruggedized 
Rewritable  Media. 

Fernando  L.  Podio  is  chairman  of  the  Working  Group  on  Monitoring  and 
Reporting  Techniques  for  Error  Rate  and  Error  Distribution  in  Optical  Disk 
Systems. 


Data  Administration. 


Data  Management 
Technology. 


INFORMATION  SYSTEMS 
ENGINEERING  DIVISION 


The  Information  Systems  Engineering  Division  develops  standards  and  pro- 
vides technical  assistance  to  government  and  industry  in  data  administration, 
data  management  technology,  computer  graphics,  and  software  standards 
validation. 

CSL  continued  to  support  the  voluntary  standards  efforts  concerning  the  Infor- 
mation Resource  Dictionary  System  (IRDS),  both  at  the  American  National 
Standards  Institute  (ANSI)  level  and  at  the  International  Organization  for  Stan- 
dardization (ISO)  level.  The  current  ANSI  IRDS  standard  was  adopted  as  Fed- 
eral Information  Processing  Standard  (FIPS)  156  in  1989,  and  CSL  continues  to 
play  an  active  part  in  the  development  of  several  new  optional  modules  for  this 
standard.  Further,  the  development  of  a conformance  test  to  cover  FIPS  156  is 
in  process.  CSL  also  serves  as  the  technical  editor  for  the  document  that  is 
being  developed  by  the  voluntary  standards  community  that  will  provide  the  re- 
quirements for  the  development  of  the  next  generation  of  IRDS,  now  referred  to 
as  IRDS2.  These  future  efforts  on  IRDS2  will  focus  on  utilizing  the  IRDS  as  a 
mechanism  to  integrate  the  results  produced  through  the  use  of  Computer- 
Aided  Software  Engineering  (CASE)  tools  throughout  an  application  system’s 
life  cycle. 

The  Data  Administration  Management  Association  (DAMA)  annual  sym- 
posium was  again  cosponsored  by  CSL.  This  year’s  symposium  focused  on 
managing  an  organization’s  data  resources  from  the  first  realization  of  the  need 
for  the  data  through  the  entire  life  cycle  of  that  data. 

CSL  established  new  working  agreements  this  year  with  the  Department  of 
Veterans  Affairs,  the  Department  of  Education,  and  the  Environmental  Protec- 
tion Agency.  In  addition,  previous  agreements  with  the  Department  of  Defense 
(DoD)  Corporate  Information  Management  (CIM)  and  the  Internal  Revenue  Ser- 
vice were  continued.  These  agreements  cover  topic  areas  such  as  tool  integra- 
tion and  the  establishment  of  data  administration  policy  for  an  organization 
that  takes  advantage  of  standards  to  achieve  an  open  systems  environment  for 
data  administration. 

In  an  ongoing  effort  to  help  users  and  vendors  determine  compliance  with  FIPS 
127-1,  Database  Language  SQL,  CSL  released  Version  2.1  of  the  NIST  SQL  Test 
Suite  in  June  1991.  Version  2.1  adds  the  Embedded  Ada  and  Module  Lan- 
guage Ada  test  suite  types  to  the  existing  test  suite  types  for  C,  COBOL,  For- 
tran, Pascal,  and  Interactive  SQL.  Sixteen  SQL  Test  Suite  licenses  were  added 
this  fiscal  year.  Since  the  NIST  SQL  Test  Suite  was  released,  over  95  SQL  Test 
Suite  licenses  have  been  purchased  for  all  versions  of  the  test  suite.  The  NIST 
SQL  Test  Suite  is  being  used  in  the  NIST  SQL  Testing  Service  since  SQL  testing 
began  in  April  1990.  A Registered  Validation  Report  documents  each 
validation. 
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Computer  Graphics. 


Research  efforts  in  expert  systems  technology  and  distributed  database  tech- 
nology produced  two  guides:  NIST  Special  Publication  500-185,  Guide  to  De- 
sign, Implementation,  and  Management  of  Distributed  Databases,  and  NIST 
Special  Publication  500-188,  Guide  to  Expert  Systems  Building  Tools  for  Micro- 
computers. 

A research  project  in  hypertext  completed  its  third  year  in  collaboration  with 
the  Systems  and  Software  Technology  Division.  Major  accomplishments  in  this 
project  include  CSL-sponsored  hypertext  workshops  as  well  as  the  knowledge 
and  experience  gained  in  the  integration  of  hypertext  technology  with  expert 
systems,  database,  graphics,  and  publishing.  Project  members  gave  presenta- 
tions at  external  workshops  and  conferences  and  produced  articles,  reports, 
and  reviews.  This  laboratory-based  research  is  carried  out  in  the  Multimedia 
Systems  and  Database  Laboratories. 

Under  an  interagency  agreement,  CSL  continued  its  assistance  to  the  DoD 
Computer-aided  Acquisition  and  Logistic  Support  (CALS)  project  in  the  applica- 
tion of  SQL  and  other  data  management  standards  to  CALS  requirements.  NIS- 
TIR  4494,  SQL3  Support  for  CALS  Applications,  resulted  from  these  efforts. 

CSL  also  provided  consulting  services  to  the  Department  of  the  Army  for  the 
Sustaining  Base  Information  Services  (SBIS)  and  to  the  Defense  Advanced  Re- 
search Projects  Agency  (DARPA)  for  object  database  technology. 

Conformance  testing  in  computer  graphics  remained  a high  priority.  CSL 
fosters  the  protection  of  federal  investment  in  computer  graphics  by  developing 
conformance  tests  which  determine  whether  implementations  conform  to  FIPS 
and  by  establishing  test  services  to  administer  conformance  tests.  Working 
closely  with  European  colleagues  ensures  harmonization  in  computer  graphics 
testing. 

FIPS  120,  Graphical  Kernel  System  (GKS),  added  a requirement  for  im- 
plementations to  be  tested  in  order  to  be  considered  for  procurement  by  federal 
agencies.  The  CSL  test  service  for  GKS  implementations  conducted  its  first  on- 
site validation  and  issued  its  first  certificate  of  conformance.  CSL  sold  nine 
copies  of  Version  1 of  the  Programmer’s  Hierarchical  Interactive  Graphics  Sys- 
tem (PHIGS)  Validation  Test  Suite.  Version  2 will  be  completed  in  spring  1992 
at  which  time  a PHIGS  Testing  Service  will  commence.  CSL  also  established  a 
Computer  Graphics  Metafile  (CGM)  Testing  Service  to  determine  conformance 
to  FIPS  128,  CGM,  and  the  CALS  Application  Profile  (MIL-D-28003). 

On  the  international  scene,  CSL  monitored  the  work  taking  place  in  Europe 
on  Computer  Graphics  Interface  (CGI)  conformance  testing.  Also  of  note  is 
CSL’s  designation  by  the  International  Organization  for  Standardization/Inter- 
national  Electrotechnical  Commission  (ISO/IEC)  as  the  Registration  Authority 
for  ISO  Registration  of  Graphical  Items.  In  this  capacity,  CSL  developed  the 
ISO  Register  which  currently  has  16  Linetypes,  19  Hatchstyles,  5 Escapes,  5 
Marker  Types,  and  4 Generalized  Drawing  Primitives.  To  date  four  copies  of 
the  ISO  Register  have  been  distributed. 

Geographic  Information  Systems  (GIS)  continued  as  a major  growth  activity. 
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Software  Standards 
Validation. 


Testing  programming  language  compilers  for  conformance  to  FIPS  program- 
ming language  standards  and  Federal  Information  Resources  Management  Reg- 
ulations (FIRMR)  continued  to  be  an  important  service.  In  addition  to 
providing  validation  services  for  programming  languages  COBOL  (FIPS  21-3), 
Fortran  (FIPS  69-1).  Pascal  (FIPS  109),  and  Ada  (FIPS  119).  CSL  established  a 
new  validation  service  for  the  programming  language  MUMPS  (FIPS  125).  The 
MUMPS  validation  service  was  developed  through  an  interagency  agreement 
with  the  Department  of  Veteran  Affairs  which  funded  the  MUMPS  validation 
research. 

In  FY  1991,  CSL  selected  a test  suite  for  testing  conformance  to  FIPS  160,  C. 
Approved  by  the  Secretary  of  Commerce  in  March  1991,  FIPS  160  became  effec- 
tive September  30,  1991.  A validation  service  for  FIPS  160  is  planned  for  1992. 

CSL  received  a large  increase  in  requests  for  validation  services  for  FIPS  127- 
1,  Database  Language  SQL.  In  FY  1991,  25  database  language  processors 
from  6 vendors  were  validated  for  conformance  to  FIPS  127-1  compared  to  one 
validation  the  previous  year. 

During  FY  1991,  programming  and  database  validation  services  were  pro- 
vided to  45  private-sector  companies  and  one  government  agency  for  a total  of 
171  validations.  The  total  number  of  programming  and  database  language  pro- 
cessors currently  validated  as  of  September  30,  1991,  is  347. 

CSL  continued  to  publish  quarterly  the  Validated  Products  List  which  is  a 
collection  of  registers  listing  implementations  that  have  been  validated  for  con- 
formance to  FIPS.  In  addition  to  listing  validated  products  of  COBOL,  Fortran, 
Pascal,  Ada  and  SQL,  the  publication  expanded  to  include  lists  of  validated 
products  for  GKS,  Portable  Operating  System  Interface  for  Computer  Environ- 
ments (POSIX),  and  Government  Open  Systems  Interconnection  Profile 
(GOSIP).  This  publication  is  now  sold  through  the  National  Technical  Informa- 
tion Service  on  a subscription  basis. 

To  facilitate  the  worldwide  conformance  testing  effort,  CSL  sponsored  a 5th 
International  Workshop  on  Harmonizing  Conformance  Testing  of  Computer 
Language  Standards.  Experts  from  the  United  Kingdom,  France,  Italy,  Ger- 
many, Japan  and  the  U.S.  participated  in  the  workshop.  The  attendees  re- 
searched common  areas  of  agreement  among  testing  laboratories  and 
certification  authorities  for  harmonizing  validation  testing  activities. 
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Application 
Portability  Profile 
(APP)  Guide. 


SYSTEMS  AND  SOFTWARE 
TECHNOLOGY  DIVISION 


The  Systems  and  Software  Technology  Division  develops  standards  and  pro- 
vides assistance  in  software  engineering  and  office  systems  engineering  to  fed- 
eral agencies  and  industry  organizations.  Technical  activities  during  1991 
included  the  following: 

CSL  published  a key  document  in  April  1991.  NIST  Special  Publication  500- 
187,  Application  Portability  Profile  (APP)  The  U.  S.  Government's  Open  System 
Environment  Profile  OSE/ 1 Version  1.0,  defines  an  open  system  environment 
(OSE)  framework  by  describing  the  information  technology  (IT)  services,  proto- 
cols, interfaces,  and  data  formats  needed  by  the  U.S.  government  to  support  a 
broad  range  of  federal  applications.  For  each  of  the  seven  service  areas  in- 
cluded in  the  APP,  standards  and  other  specifications  are  recommended  for  use 
in  developing  and  acquiring  systems  within  government  agencies.  The  APP 
Guide,  as  it  has  become  known,  also  impacted  many  private-sector  organiza- 
tions who  adopted  the  recommended  specifications  in  their  internal  environ- 
ments to  provide  better  management  and  control  of  IT  resources. 

As  open  systems  evolve,  the  APP  will  encompass  new  technology  and  capa- 
bilities upon  which  consensus  can  be  built.  The  goal  of  open  systems  and  the 
APP  is  the  recommendation  of  a complete  set  of  specifications  for  all  OSE  ser- 
vices in  the  form  of  international  standards.  The  current  state  of  standards 
will  not  allow  IT  users  to  realize  the  goal  of  open  systems  for  some  time.  In  the 
interim,  the  APP  Guide  provides  recommendations  on  OSE  specifications  and 
evaluates  these  specifications  based  on  criteria  such  as  maturity,  stability, 
completeness,  level  of  consensus,  and  other  factors  that  allow  individual  agen- 
cies to  make  informed  choices  in  the  selection  of  products  and  services. 

With  the  APP  Guide,  the  U.S.  government  now  has  a framework  for  organiz- 
ing and  describing  standards  and  information  technology  specifications,  as  well 
as  a base  document  for  the  discussion  of  open  systems.  The  Application  Porta- 
bility Profile/Open  System  Environment  (APP/OSE)  Users’  Forum  met  twice 
this  year  to  provide  a sounding  board  for  users,  vendors,  and  implementors  on 
APP/ OSE  issues.  These  forums  are  instrumental  in  distributing  information 
concerning  OSE  developments  in  the  federal  government  and  in  providing 
guidance  to  federal  agencies.  In  a related  area,  the  new  NIST  Special  Publica- 
tion 500-184,  Functional  Benchmarks  for  Fourth  Generation  Languages,  assists 
managers  selecting  a fourth  generation  language  (4GL)  to  determine  how  well  a 
particular  4GL  will  meet  organizational,  application,  and  user  requirements. 
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POSIX  Conformance 
Testing. 


High  Integrity 
Software. 


A testing  program  was  started  for  FIPS  151- 1 , POSIX.  POSIX  promotes  the 
portability  of  application  software  at  the  source  code  level,  between  computer 
systems  from  multiple  vendors.  Seven  accredited  POSIX  testing  laboratories 
were  announced  and  the  first  group  of  NIST  POSIX  validated  products  was 
developed  in  May.  Each  validated  product  was  tested  by  a laboratory  ac- 
credited by  the  National  Voluntary  Laboratory  Accreditation  Program  (NVLAP), 
using  the  NIST  POSIX  Conformance  Test  Suite  (NIST-PCTS:151-1)  for  FIPS  151- 
1.  The  test  results  were  validated  by  CSL  and  a Certificate  of  Validation  issued. 
The  number  of  POSIX  validated  products  continues  to  grow  and  is  published 
quarterly  in  CSL's  Validated  Products  List.  The  October  1991  CSL  Bulletin  de- 
scribes the  NIST  POSIX  testing  program  in  detail. 

Most  federal  procurements  will  require  submission  of  a certificate  of  valida- 
tion or  proof  that  a vendor  product  conforms  to  FIPS  151-1.  Validated  prod- 
ucts give  a degree  of  assurance  to  the  government  that  the  desired  portability 
and  interoperability  will  be  attainable. 

High  integrity  systems  are  those  systems  whose  failure  can  result  in  loss  of 
property,  personal  injury,  accidental  death,  environmental  harm,  and 
diminished  confidence  in  the  business  and  social  infrastructure.  CSL  initiated 
a Lecture  Series  on  High  Integrity  Systems  and  sponsored  five  lectures  on  top- 
ics such  as  software  engineering  from  a systems  perspective,  cleanroom  en- 
gineering, and  software  process  assessment.  The  lecture  series  targets  federal 
and  industry  managers,  technical  staff,  and  users. 

A Workshop  on  High  Integrity  Software  was  held  at  NIST  on  January  22-23, 
1991,  to  explore  the  development  of  a framework  for  standards  to  assure  that 
critical  software  can  be  trusted  to  work  as  required.  The  workshop  proposed  a 
template  for  describing  methods  and  techniques  for  assuring  high  integrity  soft- 
ware and  proposed  topics  for  further  study,  including  cleanroom  engineering, 
traces,  and  some  formal  specification  languages.  NIST  Special  Publication  500- 
190,  Proceedings  of  the  Workshop  on  High  Integrity  Software.  Gaithersburg,  MD; 
Jan.22-23,  1991,  documents  the  results  of  the  workshop.  Results  of  a Forum 
on  Standards  for  High  Integrity  Software  held  at  NIST  in  June  1991  are  con- 
tained in  NISTIR  4656. 

CSL  again  cosponsored  the  Sixth  Annual  Conference  on  Computer  As- 
surance, COMPASS  ’91,  an  annual  event  focusing  on  the  assurance  of  the  inte- 
grity of  computer  systems  and  information  resources. 
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Integrated  Software 
Engineering 
Environments. 


Multimedia  Systems. 


The  need  for  high-quality  software  is  closely  associated  with  the  need  to  im- 
prove productivity  in  the  development  and  evolution  of  that  software  in  inte- 
grated software  engineering  environments  (ISEE).  An  ongoing  series  of 
invitational  ISEE  workshops  continued  to  develop  a reference  model  and  to  pro- 
pose interfaces  for  fully  integrated  software  engineering  environments  which 
support  software  products  and  processes  throughout  the  software  life  cycle. 

The  workshop  works  closely  with  other  efforts  in  software  engineering  en- 
vironments including  the  European  Computer  Manufacturers’  Association 
(ECMA),  the  Navy’s  Next  Generation  Computer  Resources  (NGCR),  the  Defense 
Advanced  Research  Projects  Agency  (DARPA),  the  Ada  Joint  Program  Office,  the 
International  Workshop  on  Computer-Aided  Software  Engineering,  and  various 
Department  of  Defense,  National  Aeronautics  and  Space  Administration,  Insti- 
tute of  Electrical  and  Electronics  Engineers,  and  industry  efforts.  CSL  and 
ECMA  agreed  to  publish  a joint  “Reference  Model  for  Frameworks  of  Software 
Engineering  Environments"  Technical  Report. 

In  September,  CSL  proposed  the  use  of  the  ECMA  PCTE  (Portable  Common 
Tool  Environment)  specification  as  the  base  document  in  the  development  of 
tool  interface  specifications  for  software  engineering  environments.  This  pro- 
posal, coupled  with  an  aggressive  effort  to  bring  together  the  many  different 
groups  working  on  aspects  of  tool  interfaces  for  an  ISEE,  led  to  an  increased 
coalescence  of  efforts  around  the  CSL  ISEE  workshops. 

Office  systems  engineering  activities  focused  on  developing  and  implementing 
computer-based  tools  to  enhance  productivity.  Since  many  tools  do  not  work 
well  together,  CSL  efforts  centered  on  the  use  of  open  system  concepts  to  inte- 
grate computer-based  office  tools. 

Researchers  in  the  Multimedia  Systems  Laboratory  investigated  how  docu- 
ment standards  can  coexist  and  how  users  can  benefit  from  the  best  of  each 
standard.  NISTIR  4560,  Government  Document  Processing  Requirements  Re- 
port, describes  significant  activities  impacting  on  the  harmonization  of  stan- 
dards within  the  electronic  publishing  area.  It  focuses  on  a list  of  user 
requirements  resulting  from  a workshop  on  Electronic  Information  Exchange 
Standards  and  other  CSL  efforts  to  bring  about  the  harmonization  of  electronic 
publishing  standards. 

In  support  of  the  Department  of  Defense  Computer-aided  Acquisition  and  Lo- 
gistic Support  (CALS)  program,  CSL  encoded  the  Office  Document  Architecture 
(ODA)  Document  Application  Profile  (DAP)  in  the  Standard  Generalized  Markup 
Language  (SGML)  to  illustrate  similarities  between  the  two  standards  and  to 
provide  a common  SGML/Abstract  Syntax  Notation  One  (ASN.l)  profile. 

NISTIR  4547  describes  the  two  international  standards  and  discusses  the 
methodology  involved  in  performing  an  SGML  encoding. 

In  collaboration  with  the  Information  Systems  Engineering  Division,  re- 
searchers continued  a joint  project  on  hypertext  and  hypermedia  technologies. 
As  part  of  that  effort,  a new  Hypermedia  Lecture  Series  was  initiated.  Hyperme- 
dia technologies  permit  the  integration  of  searching,  linking,  and  multimedia 
presentations  using  optical  storage  and  networked  systems. 
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Proposed  FIPS  for 
Digital  Signature 
Standard  (DSS). 


Security 
Requirements  for 
Cryptographic 
Equipment. 


Risk  Management. 


COMPUTER  SECURITY  DIVISION 


The  Computer  Security  Division  develops  standards  and  guidance  for  the  cost- 
effective  security  of  information  resources  in  computer  and  telecommunications 
systems.  In  response  to  the  mandate  of  the  Computer  Security  Act  of  1987, 
CSL  continued  to  provide  guidance,  assistance,  research,  and  technical  sup- 
port to  federal  agencies  and  industry  in  computer  security. 

In  August  1991,  CSL  announced  a proposed  Federal  Information  Processing 
Standard  (FIPS)  for  DSS  for  use  by  federal  agencies.  The  proposed  standard 
specifies  a public-key-based  digital  signature  algorithm  (DSA)  appropriate  for 
federal  digital  signature  applications.  The  DSS  uses  a public  key  to  verify  to  a 
recipient  the  integrity  of  data  and  the  identity  of  the  sender  of  the  data.  The 
DSS  can  also  be  used  by  a third  party  to  ascertain  the  authenticity  of  a signa- 
ture and  the  data  associated  with  it. 

The  proposed  standard  adopts  a public-key  signature  system  that  uses  a 
pair  of  transformations  to  generate  and  verify  a digital  value  called  a signature. 
Requirements  for  public-key  cryptography  have  expanded  as  organizations 
have  developed  electronic  mail  systems  and  electronic  funds  transfer  applica- 
tions. In  such  settings,  an  electronic  equivalent  of  the  handwritten  signature 
may  be  desirable. 

To  help  organizations  use  the  latest  security  technology  for  the  protection  of  in- 
formation, CSL  initiated  a revision  of  FIPS  140,  a standard  that  establishes  the 
physical  and  logical  security  requirements  for  the  design  and  manufacture  of 
Data  Encryption  Standard  (DES)  equipment.  The  revision  will  be  reissued  as 
FIPS  140-1,  General  Security  Requirements  for  Cryptographic  Modules. 

Defining  four  security  levels  for  cryptographic  modules,  FIPS  140-1  will  in- 
corporate cryptographic  algorithms  and  functions  specified  in  related  FIPS. 

The  revised  FIPS  will  be  an  umbrella  standard  which  will  provide  a framework 
under  which  cryptographic  standards  will  be  implemented  in  products.  The  re- 
vision includes  the  development  of  requirements  for  software  assurance  and 
verification  to  be  applied  to  cryptographic  equipment. 

Also  developed  was  a test  assertions  document  to  be  used  as  the  basis  for 
CSL’s  planned  validation  program  for  FIPS  140-1  implementations.  Commer- 
cial laboratories  will  be  recognized  under  NIST s National  Voluntary  Laboratory 
Accreditation  Program  (NVLAP)  to  do  conformance  validation  for  FIPS  140-1. 
Testing  for  the  higher  security  levels  will  require  the  use  of  formal  methods  of 
software  specification.  CSL  encourages  the  use  of  formal  methods  to  enhance 
the  development  of  quality  software  products. 

Risk  management  requires  computer  system  managers  to  identify  risks  to  their 
systems  and  to  develop  cost-effective  means  of  reducing  risks.  Risk  manage- 
ment implies  good  security  planning  based  on  full  awareness  of  the  issues,  the 
constraints,  and  the  resources  available. 
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Trusted  Systems 
Technology. 


POSIX  Security. 


To  assist  those  responsible  for  federal  risk  management,  CSL  and  the 
National  Security  Agency’s  National  Computer  Security  Center  (NCSC)  cospon- 
sor the  Risk  Management  Laboratory  at  NIST s Gaithersburg  site.  The  labora- 
tory serves  as  an  information  resource  for  federal  agencies  considering  the  use 
of  automated  risk  management  software  packages  and  advances  understanding  of 
risk  management.  More  than  30  risk  management  packages  have  been  in- 
stalled in  the  laboratory  and  demonstrated  to  interested  federal  agencies.  CSL 
and  NCSC  cosponsored  the  annual  international  workshop  for  risk  model 
builders  to  develop  a consensus  on  a conceptual  framework  for  risk  analysis. 

CSL  and  NSA  initiated  a cooperative  effort  to  develop  a comprehensive  set  of 
FIPS  to  specify  requirements  for  the  design,  development,  and  assessment  of 
trusted  information  products  and  systems.  These  are  computer  and  network 
systems  that  have  high-quality  and  reliable  security  controls  built  into  prod- 
ucts. The  cooperative  effort  will  develop  new  criteria  for  trusted  systems  to  re- 
place the  current  Trusted  Computer  System  Evaluation  Criteria  (TCSEC)  that 
were  developed  by  NSA  to  evaluate  the  ability  of  systems  to  protect  the  con- 
fidentiality of  data.  The  new  criteria  will  add  capabilities  for  evaluating  other 
security  controls,  such  as  assuring  the  correctness  of  data  and  processes,  con- 
trolling access  to  services  and  data,  and  assuring  the  availability  of  data,  sys- 
tems, applications,  and  services. 

A related  project  is  concerned  with  the  development  of  standardized  and 
more  readily  available  processes  for  evaluating  and  certifying  security  products 
for  compliance  with  the  new  criteria.  The  evaluation  process  is  key  to  increas- 
ing the  confidence  of  the  user  community  to  trust  such  products  to  do  what 
they  are  required  to  do.  Vendors  need  a flexible  and  well-defined  process  that 
will  help  them  develop  security  products  to  meet  all  levels  of  assurance. 

To  support  an  international  approach  to  evaluating  trusted  systems,  CSL  is 
working  with  the  Commission  of  the  European  Communities  (CEC)  which  has 
developed  its  own  Information  Technology  Security  Evaluation  Criteria  (ITSEC). 
The  goal  of  this  collaboration  is  to  develop  a common  basis  for  product  evalua- 
tion and  to  avoid  multiple  testing  requirements  that  would  be  expensive  for 
both  users  and  vendors.  CSL  and  the  CEC  are  in  the  process  of  formalizing 
their  information  security  collaboration  by  completing  a joint  statement  of 
strategic  direction. 

CSL  chaired  the  voluntary  industry  working  group  which  is  defining  the  secu- 
rity requirements  for  basic  internal  controls  needed  for  POSIX-like  operating 
systems.  POSIX  is  the  Portable  Operating  System  Interface  for  Computer  En- 
vironments (FIPS  151-1,  adopting  IEEE  1003.1-1988).  The  P1003.6  standard. 
POSIX  Security  Extensions,  provides  a set  of  application  program  interfaces 
(APIs)  to  basic  security  functions,  including  access  control  lists,  audit  trail 
mechanisms,  privileges,  and  mandatory  access  controls.  These  standard  secu- 
rity interfaces  will  enable  the  development  of  portable  and  interoperable  trusted 
application  programs. 

Guest  researchers  from  Bellcore  work  with  CSL  in  both  the  POSIX  security 
effort  and  in  the  development  of  new  criteria  for  trusted  systems. 
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Security  Labels  for 
Open  Systems. 


Cooperative 

Interactions. 


Sharing 

Information. 


CSL  hosted  its  Second  Invitational  Workshop  on  Security  Labels  for  Open  Sys- 
tems on  April  9-10,  1991.  The  workshop  focused  on  an  initial  draft  for  a 
planned  FIPS  on  a Standard  Security  Label  Format  for  the  Government  Open 
Systems  Interconnection  Profile  (GOSIP)  and  Procedures  for  Registering  Com- 
puter Security  Objects.  Security  labels  indicate  sensitivity  and  the  possible 
damage  which  may  occur  due  to  accidental  or  intentional  disclosure,  modifica- 
tion, or  destruction  of  data.  The  Registration  Procedures  are  related  to  the  pro- 
posed FIPS  and  will  apply  to  the  development  of  a Computer  Security  Object 
(CSO)  Register  which  will  include  items  such  as  specifications  of  security 
domains,  security  labels,  security  algorithms,  security  techniques,  and  security 
support  systems.  The  proposed  FIPS  is  expected  to  be  approved  in  1992. 

Established  by  the  Computer  Security  Act  of  1987  as  a govemment/industry 
cooperative  endeavor,  the  Computer  System  Security  and  Privacy  Advisory 
Board  met  four  times  in  1991  to  investigate  and  discuss  key  computer  security 
issues.  CSL  hosted  five  meetings  of  the  Federal  Computer  Security  Program 
Managers  Forum  this  year  to  share  experiences  and  information  on  mutual 
problems  and  possible  solutions. 

In  another  cooperative  venture,  CSL  helped  to  organize  and  operate  the 
Forum  of  Incident  Response  and  Security  Teams  (FIRST).  This  collaboration  of 
several  government  and  private- sector  organizations  is  designed  to  foster 
cooperation  and  information  sharing  regarding  security  incidents  in  constitu- 
ent systems  and  networks.  Also  continued  was  the  research  activity  that  helps 
federal  agencies  better  protect  their  computer  systems  from  computer  viruses 
and  related  threats. 

In  October  1991,  CSL  and  NSA’s  National  Computer  Security  Center  cospon- 
sored the  14th  National  Computer  Security  Conference  in  Washington,  DC. 

The  conference  attracted  more  than  1,700  participants  from  government,  aca- 
demia, and  industry  who  came  from  the  U.S.,  Canada,  Europe,  Asia,  and 
Australia.  This  year’s  theme,  “Information  System’s  Security:  Requirements 
and  Practices,”  highlighted  the  trend  toward  developing  broadly  based  solu- 
tions for  protecting  information  assets. 

As  part  of  a continuing  effort  to  assist  federal  agencies,  CSL  republished  the 
work  of  other  federal  agencies  and  industry  organizations  to  provide  for  broad 
public  dissemination  of  federally  sponsored  work,  including:  the  National  Aero- 
nautics and  Space  Administration  (NASA)  Automated  Information  Security  Hand- 
book: the  Department  of  Health  and  Human  Services  (HHS)  Information  Systems 
Security  Handbook:  and  a glossary  of  computer  security  terminology.  Also  pub- 
lished were  CSL  Bulletins  on  the  computer  security  roles  of  NIST  and  NSA; 

FIPS  140  - A Standard  in  Transition:  Security  Issues  in  the  Use  of  Electronic 
Data  Interchange:  and  advanced  authentication  technology.  Other  publica- 
tions of  note  include  NIST  Special  Publications  800-2,  Public-Key  Cryptography, 
800-3,  Establishing  a Computer  Security  Incident  Response  Capability  (CSIRC), 
and  500-189,  Security  in  ISDN.  CSL’s  expanded  Computer  Security  Bulletin 
Board  System  (BBS)  continued  to  reach  users  with  dial-up  capabilities  with  a 
wealth  of  information  on  information  systems  security. 
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SYSTEMS  AND  NETWORK 
ARCHITECTURE  DIVISION 


Programs  in  the  Systems  and  Network  Architecture  Division  address  the 
development  and  standardization  of  Open  Systems  Interconnection  (OSI),  the 
development  and  application  of  automated  protocol  methods,  and  the  advance- 
ment of  technology  for  integrated,  interoperable  network  management.  OSI  net- 
works permit  equipment  and  systems  from  different  manufacturers  to 
interoperate. 

GOSIP.  In  April  1991,  the  Secretary  of  Commerce  approved  Federal  Information  Proc- 
essing Standard  (FIPS)  146-1,  Government  Open  Systems  Interconnection  Pro- 
file (GOSIP),  Version  2.0.  FIPS  146,  Version  1.0,  was  approved  in  1988  and 
provided  OSI  protocols  for  Message  Handling  System  (MHS)  and  file  transfer, 
access  and  management  (FTAM)  functions.  MHS  allows  a user  to  send  or  re- 
ceive electronic  mail;  MHS  evaluation  guidelines  are  contained  in  NIST  Special 
Publication  500-182.  The  July  1991  CSL  Bulletin  describes  FTAM  in  detail, 
and  NIST  Special  Publication  500-196,  Guidelines  for  the  Evaluation  of  File 
Transfer,  Access  and  Management  Implementations,  assists  users  in  determin- 
ing which  FTAM  implementation  best  meets  their  requirements. 

Version  2.0  of  GOSIP  provides  protocols  for  additional  functions  and  capa- 
bilities including  Virtual  Terminal  Service,  Office  Document  Architecture,  Inte- 
grated Services  Digital  Network,  End  System-Intermediate  System  protocol, 
and  user  options  for  Connectionless  Transport  Service  and  Connection 
Oriented  Network  Service.  NIST  Special  Publication  500-192,  Government 
Open  Systems  Interconnection  Profile  Users'  Guide,  Version  2,  assists  federal 
agencies  in  planning  for  and  procuring  OSI.  Future  versions  of  GOSIP  will  in- 
corporate additional  applications.  GOSIP  is  based  on  agreements  reached  by 
the  OSI  Implementors  Workshop  (OIW). 

The  OIW  met  four  times  in  1991.  The  workshop  serves  as  an  open  forum 
where  more  than  200  computer  manufacturers,  vendors,  and  users  worldwide 
meet  to  share  ideas  and  experiences  and  to  advance  the  technology  and  stan- 
dardization of  open  systems.  NIST  Special  Publication  500-183,  Stable  Im- 
plementation Agreements  for  Open  System  Interconnection  Protocols,  Version  4, 
Edition  1 , December  1 990,  records  stable  implementation  agreements  of  OSI 
protocols  developed  by  organizations  that  participate  in  the  OIW. 

In  June  1991,  the  OIW  established  a Technical  Liaison  Committee  ad  hoc 
Task  Group  on  Open  System  Environment  Expansion  to  explore  issues  and 
develop  a proposal  to  expand  the  scope  of  the  OIW  to  encompass  the  total  Open 
System  Environment  (OSE).  The  Task  Group,  and  later  the  OIW,  endorsed  a 
set  of  recommendations  to  enlarge  the  scope  of  the  OIW  while  retaining  its  cur- 
rent focus  of  achieving  interoperability  among  multiple  vendors'  systems.  In  ad- 
dition to  implementing  the  specific  recommendations  of  the  Task  Group,  the 
expansion  of  OIW  activities  into  an  Open  System  Environment  will  entail  ad- 
dressing the  full  range  of  interface  issues  found  in  a distributed  computing 
environment. 
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Conformance  and 
Interoperability 
Testing. 


Global  Recognition 
of  OSI. 


During  1991,  CSL  initiated  a collaboration  with  several  major  industry  pro- 
ponents for  OSI.  General  Motors,  representing  the  Manufacturing  Automation 
Protocol  (MAP)  program,  Boeing,  representing  the  Technical  and  Office  Protocol 
(TOP)  program,  the  Electric  Power  Research  Institute  (EPRI)  and  Pacific  Gas 
and  Electric  (PG&E)  representing  the  electric  power  industry's  Unified  Com- 
munications Architecture  (UCA),  and  CSL,  representing  the  GOSIP  program, 
agreed  to  produce  a common  government  and  industry  OSI  specification.  The 
resulting  specification,  built  on  GOSIP  Version  2.0,  will  become  GOSIP  Version 
3.0,  as  well  as  the  next  versions  of  MAP,  TOP,  and  UCA.  The  common  specifica- 
tion will  be  called  the  Industry  Government  Open  Systems  Specification  (IGOSS). 

CSL  established  the  GOSIP  Testing  Program  to  permit  federal  agencies  to  sub- 
stantiate claims  of  GOSIP  compliance.  The  on-line  U.S.  GOSIP  Register 
Database  (GRD)  developed  and  maintained  by  CSL  contains  a set  of  registers  in- 
cluding those  for  test  suites,  test  systems  (means  of  testing),  conformance  test- 
ing laboratories,  tested  products,  and  interoperability  testing  services.  The 
May  1991  CSL  Bulletin  describes  the  GOSIP  Testing  Program  in  detail  and 
gives  instructions  for  accessing  the  GRD. 

As  part  of  a research  program  to  advance  OSI  routing  technology,  CSL  per- 
formed interoperability  tests  on  equipment  using  the  OSI  Intermediate  System 
to  Intermediate  System  Intra-domain  Routing  Exchange  Protocol.  Five  in- 
dustry organizations  participated  in  the  cooperative  testing  program.  Re- 
searchers documented  the  test  scenarios  and  results  to  provide  comments  to 
implementors;  to  guide  standards  communities  in  refining  base  standards,  im- 
plementors’ agreements,  and  user  group  profiles;  and  to  solicit  reactions  on 
developing  testing  and  evaluation  methods. 

CSL  continued  to  participate  in  OSINET,  a cooperative  government/ industry 
research  network  with  about  26  participants.  The  database  containing  the 
OSINET  Testing  & Registration  Service  developed  by  CSL  was  transferred  to  the 
OSINET  secretariat,  the  Corporation  for  Open  Systems.  NISTIR  4607,  Test  and 
Registration  User's  Guide,  and  NISTIR  4668,  The  OSINKF  Testing  and  Registra- 
tion Service  Functional  Specification  describe  the  OSINET  service  and  database. 

On  May  6-8,  1991,  CSL  hosted  a Worldwide  Recognition  of  OSI  Test  Results 
Workshop  which  was  cosponsored  by  the  International  Organization  for  Stan- 
dardization (ISO)  and  the  International  Electrotechnical  Commission  (IEC). 
Attracting  about  150  participants  from  Europe,  Australia,  the  Orient,  North 
and  South  Americas,  the  workshop  addressed  the  technical  procedures  and  cri- 
teria necessary  for  the  achievement  of  equivalence  of  test  results  from  OSI  test- 
ing laboratories  worldwide.  The  issues  of  harmonizing  testing  laboratory 
accreditation  and  OSI  product  certification  received  special  emphasis. 
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Electronic  Data 
Interchange  (EDI). 


Network  Protocols. 


Interoperable 

Network 

Management. 


To  assist  federal  agencies  in  the  use  of  EDI,  CSL  initiated  an  EDI  program  to 
promote  the  integration  of  this  technology  in  an  open  systems  environment. 
Sponsored  by  the  Department  of  Defense,  the  Internal  Revenue  Service,  and 
the  General  Services  Administration,  the  program  will  produce  generic  EDI  soft- 
ware which  will  be  placed  in  the  public  domain.  A gerteric  set  of  EDI  tools  re- 
ferred to  as  the  EDI  Transaction  Set  Development  System  (TSDS)  will  provide 
users  with  a tool  for  prototyping,  testing,  and  using  their  transaction  sets.  CSL 
may  initially  apply  these  tools  to  proposed  new  transaction  sets  for  securing 
EDI  transactions.  A prototype  of  EDI  transmission  software,  primarily  focusing 
on  an  EDI  X.435  User  Agent,  will  encourage  users  to  experiment  with  the  trans- 
mission of  EDI  transactions  through  X.400  networks. 

The  long-term  goals  of  the  EDI  program  are  to  provide  tools  for  effectively 
testing  commercial  EDI  products,  to  assist  in  the  standardization  of  Application 
Program  Interfaces  (APIs)  for  EDI,  and  to  develop  an  evaluation  guidelines  docu- 
ment that  will  assist  users  in  selecting  which  EDI  implementation,  among 
several  candidates,  best  meets  user  requirements.  A FIPS  for  EDI  was  approved  in 
1991.  The  June  1991  CSL  Bulletin  discusses  security  issues  in  the  use  of  EDI. 

With  support  from  the  General  Services  Administration,  CSL  is  deploying  an 
X.500  pilot  for  the  federal  government.  The  pilot  will  transfer  knowledge  con- 
cerning a key  technology,  the  OSI  Directory,  into  government  agencies.  With 
the  burgeoning  use  of  data  communications,  it  becomes  more  critical  that  the 
Directory  be  deployed  to  support  naming,  locating,  and  addressing  resources. 

Data  from  participating  federal  agencies  was  test-loaded  into  the  CSL  proto- 
type X.500  implementation.  Following  deployment  at  NIST,  the  pilot  was  re- 
leased to  agencies  which  ran  Directory  System  Agents  linked  to  those  at  NIST. 

In  keeping  with  the  long-term  objective  of  encouraging  commercial  implementa- 
tion of  X.500,  CSL  is  considering  how  best  to  involve  vendors  in  the  pilot  activ- 
ity. A proposal  for  vendor  participation  is  under  development  and  is  expected 
to  be  distributed  in  mid- 1992. 

In  a related  area,  CSL  concluded  its  collaborative  effort  with  the  Federal  IRM 
Policy  Council  (FIRMPoC),  an  interagency  group  sponsored  by  the  Office  of  Man- 
agement and  Budget,  to  provide  members  with  electronic  mail  (E-mail)  connec- 
tivity based  on  the  CCITT  X.400  series  of  recommendations.  An  interagency 
working  group  chaired  by  CSL  developed  the  procedures  for  interconnecting 
FIRMPoC  members  through  a standards-based  E-mail  facility  on  the  FTS-2000 
network.  The  project  is  now  operational. 

In  July  1991,  CSL  proposed  a FIPS  adopting  the  Version  1.0  Government  Net- 
work Management  Profile  (GNMP)  for  federal  agency  use.  The  GNMP  specifies 
the  common  management  information  exchange  protocol  and  services,  specific 
management  functions  and  services,  and  the  syntax  and  semantics  of  the  man- 
agement information  required  to  support  monitoring  and  control  of  the  network 
and  system  components  and  their  resources.  The  GNMP  builds  on  FIPS  146-1, 
GOSIP,  and  includes  the  GOSIP  Version  2.0  by  reference.  The  GNMP  and 
GOSIP  are  interrelated  and  will  cross-reference  each  other  as  required.  CSL 
also  continued  to  work  with  industiy  consortia  to  bring  the  GNMP  into  align- 
ment with  industry  network  management  efforts. 
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Parallel  Processing. 


Data  Storage. 


ADVANCED  SYSTEMS  DIVISION 


Activities  of  the  Advanced  Systems  Division  focused  on  research  and  technical 
assistance  to  federal  agencies  and  industry  in  parallel  processing,  data  storage, 
distributed  systems,  automated  recognition,  and  Integrated  Services  Digital 
Network  (ISDN). 

Researchers  continued  to  seek  an  integrated  approach  to  the  measurement  and 
characterization  of  computer  performance.  One  approach  focused  on  the  per- 
formance evaluation  of  hypercube-like  designs.  Partially  sponsored  by  the 
Defense  Advanced  Research  Projects  Agency,  researchers  studied  the  speed  of 
communication  which  is  important  in  the  performance  of  programs  for  loosely 
coupled  machines.  NISTIR  4630,  Performance  Evaluation  of  Hypercube  Applica- 
tions: Using  a Global  Clock  and  Time  Dilation,  describes  the  separation  of  the 
communication  component  of  a program,  via  a global  clock,  into  two  states: 
logical  and  physical  delays.  True  measurements  calibrate  the  indirect  dilation 
method  for  a sharper,  quantitative  interpretation  than  otherwise  possible.  A 
“MULTIKRON”  Very  Large  Scale  Integration  (VLSI)  processor  has  been  designed 
and  tested  by  CSL  and  can  now  be  used  for  the  instrumentation  of  various 
parallel  architectures. 

Research  in  data  storage  technologies  resulted  in  the  production  of  a Standard 
Reference  Material  (SRM)  for  magnetic  tape  cartridges.  NIST  Special  Publica- 
tion 260-115,  Standard  Reference  Materials:  Calibration  of  NIST  Standard  Ref- 
erence Material  3201  for  0.5  Inch  (12.65mm)  Serial  Serpentine  Magnetic  Tape 
Cartridge,  describes  the  test  system  design  and  operation  for  the  calibration  of 
the  NIST  secondary  standard  reference  tapes  SRM  3201  for  0.5  inch  (12.65mm) 
22  and  48  track  serial  serpentine  magnetic  tape  cartridges.  The  SRM  promotes 
the  ability  to  interchange  data  both  within  and  among  various  computer  sys- 
tems. When  the  media  is  designed  and  manufactured  on  the  basis  of  a com- 
parison to  a known  and  accepted  standard  reference  media,  reliable 
interchange  is  assured. 

A second  research  area  focused  on  monitoring  and  reporting  techniques  for 
error  rates  and  error  distributions  in  optical  disk  systems.  CSL  hosted  a work- 
shop to  identify  user  requirements  and  to  propose  an  approach  for  docu- 
menting a Small  Computer  System  Interface  (SCSI)  common  command  set  for 
error  rate  monitoring  and  reporting.  Workshop  proceedings  are  contained  in 
NIST  Special  Publication  500-198,  Monitoring  and  Reporting  Techniques  for 
Error  Rate  and  Error  Distribution  in  Optical  Disk  Systems.  Another  new  publica- 
tion, NIST  Special  Publication  500-191,  Test  Methods  for  Optical  Disk  Media 
Characteristics,  resulted  from  a collaborative  effort  with  the  National  Aeronau- 
tics and  Space  Administration.  Monitoring  the  status  of  data  recorded  on  opti- 
cal media  is  important  because  of  its  anticipated  use  for  the  long-term  storage 
of  valuable  data. 
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Distributed  Systems.  CSL  continued  to  conduct  research  and  participate  in  standards  development 

for  distributed  computer  systems  as  interconnected  by  ISDN.  The  development 
of  a voluntary  industry  standard  for  Distributed  Transaction  Processing  pro- 
gressed, including  a formal  description  of  the  protocol  in  Estelle,  a simulation 
model,  and  a prototype  implementation.  Researchers  also  developed  and  de- 
monstrated distributed  applications  using  the  protocol  for  accessing  dis- 
tributed multimedia  information.  Development  of  Application  Profiles  for  ISDN 
is  underway. 

Research  in  distributed  systems  architectures  resulted  in  the  development  of 
a unifying  architecture  called  the  Services  Backplane  which  provides  a com- 
mon interface  between  applications  and  services.  Work  continued  on  a general- 
ized information  system  including  mixed  media  information  (e.g.,  graphics, 
images,  and  text)  via  a Virtual  Workstation  Architecture.  Researchers  also  par- 
ticipated in  the  definition  and  specification  of  the  Application  Software  Interface 
being  developed  in  the  NIU-Forum. 

Researchers  are  planning  for  CSL's  participation  in  the  national  planned 
event  for  demonstrating  standard  ISDN  as  per  the  NIU-Forum  objectives. 
Various  profiles  for  imaging  and  data  are  being  developed. 

Automated  Sponsored  by  the  Bureau  of  the  Census,  CSL  researchers  developed  a hand- 
Recognition.  printed  character  database  consisting  of  2100  pages  of  bi-level,  black  and 
white,  image  data  of  hand-printed  numerals  and  text  stored  in  compressed 
form  on  CD-ROM  (Compact  Disk-Read  Only  Memory).  The  total  image 
database,  in  uncompressed  form,  contains  about  3 gigabytes  of  image  data, 
with  273,000  numerals  and  707,700  alphabetic  characters.  The  hand-printing 
sample  was  obtained  from  a selection  of  field  data  collection  staff  of  the  Bureau 
of  the  Census,  with  a geographic  sampling  corresponding  to  the  population  of 
the  United  States. 

Prior  to  the  development  of  the  database,  no  large  public  source  of  test  data 
for  the  design  and  evaluation  of  character  recognition  technology  was  available. 
The  costs  of  manually  keying  in  data  for  computer  processing  in  government 
and  the  financial  sector  of  the  U.S.  economy  are  presently  estimated  at  $20  bil- 
lion annually.  Character  recognition  technology  can  significantly  improve  the 
productivity  of  these  service  sector  activities.  To  date,  28  universities,  in- 
dustrial R&D  laboratories,  and  users  of  character  recognition  technology  have 
acquired  the  database. 

In  another  image  recognition  project,  two  researchers  won  the  “Best  Paper  of 
1991"  Award  from  the  American  Society  for  Information  Science  (ASIS).  The 
paper,  “Retrieving  Records  from  a Gigabyte  of  Text  on  a Minicomputer  using 
Statistical  Ranking,"  reported  on  the  NIST  Probabilistic  Ranking  Information 
Search  Engine  (PRISE)  system  which  is  a prototype  retrieval  system  using  very 
efficient  algorithms  to  implement  statistically  based  ranked  retrieval  of  informa- 
tion. This  type  of  ranking  has  long  been  known  to  be  superior  to  traditional 
Boolean  retrieval  for  the  average  user,  but  has  received  minimal  commercial  in- 
terest because  of  its  reputed  difficulty  of  implementation. 


Partially  sponsored  by  DARPA,  research  in  speech  recognition  technology 
proceeded  in  collaboration  with  academia  and  industry.  The  use  of  CD-ROM 
data  storage  media  in  the  United  States  for  the  exchange  of  recorded  speech 
databases  ("corpora")  within  the  speech  research  community  continued  to  ad- 
vance. In  addition  to  CD-ROM  sets  released  for  DARPA,  further  releases  will  be 
produced  as  reference  material  for  use  in  speech  research.  CSL's  work  on  the 
design  and  development  of  test  procedures  and  other  materials  for  the  DARPA 
Spoken  Language  Systems  Program  and  other  Department  of  Defense  speech 
research  programs  continued. 


Integrated  Services 
Digital  Network 
(ISDN). 


To  ensure  a strong  user  voice  in  the  implementation  of  ISDN  applications  and 
to  advance  the  standardization  of  ISDN  technology  in  the  United  States,  CSL 
continued  to  sponsor  the  North  American  ISDN  Users’  Forum  (NIU-Forum).  A 
Cooperative  Research  and  Development  Agreement  (CRDA)  with  industry  was 
established  in  FY  1991  to  govern  the  management  of  the  forum. 

Three  forum  meetings  were  held  in  1991  with  about  300  vendor  and  user 
participants.  Two  new  publications  resulted.  NIST  Special  Publication  500- 
194,  ISDN  Conformance  Testing,  Layer  1 - Physical  Layer,  Part  1 - Basic  Rate 
S/T  Interface,  User  Side,  describes  a set  of  test  specifications,  developed  by  NIU- 
Forum  members,  which  test  conformance  of  Terminal  Equipment  (TEs)  and  Net- 
work Termination  (NTs)  to  the  ISDN  Physical  Layer  at  the  S/T  reference  point, 
as  defined  in  American  National  Standard  (ANS)  Tl. 605- 1989.  NIST  Special 
Publication  500-195,  North  American  ISDN  Users'  Forum  Agreements  on  Inte- 
grated Services  Digital  Network,  compiles  the  existing  NIU-Forum  agreements 
as  of  November  1990. 

To  advance  ISDN  as  a global  technology,  CSL  delegates  represented  the  NIU- 
Forum  ISDN  Conformance  Testing  group  (ICOT)  at  the  Consultative  Committee 
on  International  Telephony  and  Telegraphy  (CCITT)  Study  Group  XI  meeting  on 
ISDN  conformance  testing  and  Broadband  ISDN  protocols  in  September  in 
Geneva,  Switzerland.  In  the  conformance  testing  area,  the  layer  2 abstract  test 
suite  developed  by  the  ICOT  was  moved  to  “frozen”  state,  paving  the  way  for 
final  approval  in  April  1992  as  a 1992  Recommendation  named  Q. 92  Ibis.  This 
is  the  first  time  a CCITT  study  group  has  produced  a Recommendation  in  less 
than  two  years.  In  the  Protocol  Implementation  Conformance  Statement  (PICS) 
area,  a CSL  delegate  chaired  an  ad  hoc  group  meeting  on  layer  3 PICS  which 
will  be  moved  forward  to  the  “awaiting  review”  state.  Again,  the  NIU-Forum 
created  a record  of  being  the  first  to  add  a PICS  to  a CCITT  recommendation. 
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PARTICIPATION  IN  VOLUNTARY 
STANDARDS  ACTIVITIES 


CSL  staff  members  participate  in  more  than  85  national  and  international  vol- 
untary standards  activities,  including  the  following: 

American  National  Standards  Institute  (ANSI): 

Information  Systems  Standards  Board  (ISSB) 

Information  Technology  Consultative  Committee  (ITCC) 

USA  Registration  Authority  Committee 

Accredited  Standards  Committee  (ASC): 

Tl,  Telecommunications 

X3,  Information  Processing  Systems 

X9,  Financial  Services 

XI 2,  Electronic  Data  Interchange  (EDI) 

IT9,  Physical  Properties  and  Permanence  of  Imaging  Media 

Institute  of  Electrical  and  Electronics  Engineers  (IEEE): 

IEEE  Standards  Board  and  Committees 
IEEE  Groups  for: 

Local  Area  Networks 

Portable  Operating  System  Interface  (POSIX) 

Graphical  User  Interface 

Software  Engineering 

U.S.  TAG  for  JTC  1 SC  7 

U.S.  TAG  for  JTC  1 SC  22  WG  15 

Futurebus 

International  Organization  for  Standardization  (ISO)/ 

International  Electrotechnical  Commission  (IEC) 

Joint  Technical  Committee  1 (JTC  1)  on  Information  Technology 

U.S.  Technical  Advisory  Group  (TAG)  for  ISO/IEC  JTC  1 (JTC  1 TAG) 

International  Telegraph  and  Telephone  Consultative  Committee  (CCITT) 

Study  Groups  for: 

Data  Communications  Networks 
Switching  and  Signaling 

U.S.  National  Committee  for  CCITT: 

Study  Group  B 
Study  Group  D 


International  Organization  for  Standardization  (ISO) 

Technical  Committees  for: 

Industrial  Automation 

Micrographics  and  Optical  Memories  for  Document  and  Image 
Recording,  Storage  and  Use 

ASC  X3  Subgroups  for: 

BASIC 

Computer  Graphics 
Credit/Identification  Cards 
Database 

Data  Communications 
Data  Interchange 
Data  Representation 
Digital  Magnetic  Tape 
I/O  Interface 

Information  Resource  Dictionary  System 
Information  Technology  Security  Techniques 
LISP 

Open  Distributed  Processing 
Open  Systems  Interconnection 
Optical  Digital  Data  Disks 

Parallel  Processing  Constructs  for  High-Level  Programming  Languages 
Picture  Coding 

Secretariat  Management  Committee  (SMC) 

Standards  Planning  and  Requirements  Committee  (SPARC) 

SPARC  Database  Systems  Study  Group 
Text:  Office  and  Publishing  Systems 
U.S.  TAG  for  JTC  1 SC  2 1 
U.S.  TAG  for  JTC  1 SC  22 

ASC  X9  Subgroups  for: 

Data  and  Information  Security 
Public-Key  Cryptography  for  Financial  Institutions 
Security  for  Financial  Systems 
Wholesale  Banking 

ASC  X12  Subgroup  for: 

Security 

X12/EDIFACT  Alignment 

ASC  T1  Technical  Subcommittee  for: 

Services,  Architecture  and  Signaling 


JTC  1 TAG  Subgroups  for: 

Advisory  Committee 
Applications  Portability 
EDI 

Functional  Standards 
Procedures 

Registration  Authorities 

ISO/IEC  JTC  1 Subcommittees  or  Groups  for: 

Advisory  Group 
Applications  Portability 
Computer  Graphics 

Design  and  Documentation  of  Computer-Based  Information  Systems 
Flexible  Magnetic  Media  for  Digital  Data  Interchange 
Functional  Standardization 

Information  Retrieval,  Transfer  and  Management  for  OSI 
Information  Technology  Security  Techniques 
Interconnection  of  Information  Technology  Equipment 
Languages 

Optical  Disk  Cartridges  for  Information  Interchange 

POS1X 

Procedures 

Registration  Authorities 
Representation  of  Data  Elements 

Telecommunications  and  Information  Exchange  Between  Systems 
Text  and  Office  Systems 

European  Computer  Manufacturers  Association  (ECMA)  Technical 
Committees  or  Task  Groups  for: 

Lower  Four  OSI  Layers  and  Local  Area  Networks 
Magnetic  Tapes 

PCTE  (Portable  Common  Tool  Environment)  TC33/TGEP 
Reference  Model  for  Software  Environments  TC33/TGRM 

European  Workshop  on  Open  Systems  (EWOS) 

Expert  Group  on  Common  Application  Environments  (to  be  changed  to  OSE) 
EG-CAE 

Association  for  Information  and  Image  Management  (AIIM) 

Canadian  Committee  on  Geomatics 
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Data  Administration  Management  Association  Standards  and  Procedures 
Subgroup 

Federal  Interagency  Coordinating  Committee  on  Digital  Cartography 
Federal  Telecommunication  Standards  Committee 
International  Association  for  Identification 

National  Association  of  State  Information  Resource  Executives  (NASIRE) 
NIST  OSI  Implementors  Workshop  (OIW) 

North  American  ISDN  Users’  Forum  (NIU -Forum) 

U.S.  Board  on  Geographic  Names 

CSL  staff  members  hold  key  leadership  positions  in  many  of  the  above 
activities. 
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COLLABORATION  WITH  GOVERNMENT, 
INDUSTRY,  AND  ACADEMIA 

In  1991,  CSL  collaborated  with  the  following  agencies  in  government,  industry, 
and  academia,  some  of  which  supported  CSL  research  through  funding  or  the 
loan  of  equipment  or  software. 

Federal  Agencies 

Department  of  Defense 
Ada  Joint  Program  Office 

Air  Force  American  Forces  Information  Service 

Air  Force  Communications  Command 

Air  Force,  Scott  Air  Force  Base,  Illinois 

Army  Engineering  Division,  Huntsville,  Alabama 

Army,  Fort  Huachuca,  Arizona 

Army  Information  Systems  Command 

Army  Sustaining  Base  Information  Services 

Computer-aided  Acquisition  and  Logistics  Support  (CALS) 

Corporate  Information  Management  Office 
Defense  Advanced  Research  Projects  Agency 
Defense  Communications  Agency 
Defense  Logistics  Agency 
Joint  Interoperability  Test  Center 

Joint  Tactical  Command  Control  Communications  Agency 
National  Security  Agency 
Naval  Military  Personnel  Command 
Navy  Fleet  Combat  Direction  System  Support  Activity 
Navy  Next  Generation  Computer  Resources 
Navy  Space  and  Naval  Warfare  Systems  Command  Center 
Navy  Information  Technical  Acquisition  Center 
Office  of  the  Secretary  of  Defense 
Department  of  Commerce,  Bureau  of  the  Census 
Department  of  Education 
Department  of  Energy 
Department  of  Health  and  Human  Services 
Department  of  the  Interior 

Department  of  Justice,  Federal  Bureau  of  Investigation 
Department  of  State 

Department  of  the  Treasury,  Financial  Management  Service 
Department  of  the  Treasury,  Internal  Revenue  Service 
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Federal  Agencies  (continued) 


Department  of  Veterans  Affairs 
Environmental  Protection  Agency 
Farmers  Home  Administration 
Federal  Emergency  Management  Agency 
General  Services  Administration 
National  Aeronautics  and  Space  Administration 
National  Archives  and  Records  Administration 
Nuclear  Regulatory  Agency 
Office  of  Management  and  Budget 
Securities  and  Exchange  Commission 
Social  Security  Administration 
Tennessee  Valley  Authority 

Industry 

3Com 
Bellcore 
Data  General 

Digital  Equipment  Corporation 

Environmental  Sciences  Research  Institute 

Geovision  Corporation 

Hewlett-Packard 

Hughes  Aircraft  Company 

Interactive  Systems 

International  Business  Machines 

Network  General 

Novell 

Prime  Computer 
RETIX 

Servio  Logic  Corporation 
Spatial  Data  Sciences 
Sun  Microsystems 
Teledyne  Brown 
Textronix 

TYDAC  Corporation 
Wollongong  Group 
Xerox 

Academia 

George  Washington  University 

University  of  Toronto 

Virginia  Commonwealth  University 
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CSL  COOPERATIVE  RESEARCH  & 
DEVELOPMENT  AGREEMENTS  (CRDAs) 

As  of  Januaiy  6,  1992 


RESEARCH  PARTNER 

Open  Systems  Environments 

Sun  Microsystems,  Inc. 

Digital  Equipment  Corporation 

Eagen,  William  J. 

Mindcraft,  Inc. 

X/Open  Ltd. 

International  Business 
Machines  Corporation 
Open  Software  Foundation 
Oracle  Federal  Division 

Computer  Security 

Bellcore 


PROJECT 

Application  Portability 
Profile  (APP) 
Application  Portability 
Profile  (APP) 
Application  Portability 
Profile  (APP) 
Application  Portability 
Profile  (APP) 
Application  Portability 
Profile  (APP) 
Application  Portability 
Profile  (APP) 

Graphical  User  Interface 
Mathematical  Methods 
Information  Systems 
Life  Cycle  Cost  Savings 


Computer  Systems  Security 


Integrated  Services  Digital  Network 

UNITEL  Communications,  Inc. 

U.S.  Sprint 

Siemens  Stromberg-Carlson 
Ameritech 

Eastman  Kodak  Company 

First  National  Bank  of  Chicago,  The 

AT&T  Bell  Labs 

Bell  Communications  Research 
Pacific  Bell 

Aeronautical  Radio,  Inc.  (ARINC) 
NYNEX 

American  Management  Systems,  Inc. 
TASC  (The  Analytic  Sciences  Corp.) 
Verilink  Corporation 
CIMI  Corporation 


(ISDN) 

NIU-Forum  (North  American 
ISDN  Users'  Forum) 
NIU-Forum 
NIU-Forum 
NIU-Forum 
NIU-Forum 
NIU-Forum 
NIU-Forum 
NIU-Forum 
NIU-Forum 
NIU-Forum 
NIU-Forum 
NIU-Forum 
NIU-Forum 
NIU-Forum 
NIU-Forum 
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RESEARCH  PARTNER 


PROJECT 


American  Computer  & Electronics 
Corporation 
U.S.  West 

Vanguard  Research 
Boeing  Computer  Support 
Services,  Inc. 

Southwestern  Bell 
U.S.  Air  Force  (Technology 
Integration  Center) 

Raynor  Associates,  Inc. 

Motorola,  Inc. 

Electronic  Data  Systems  Corporation 
Idacom  Electronics,  Ltd. 

General  DataComm,  Inc. 

National  Aeronautics  and  Space 
Administration  (NASA) 

Hayes  Microcomputer  Products,  Inc. 
Mitel  Corporation 
Memorex  Telex  Corporation 
Department  of  Defense  (National 
Security  Agency) 

Bell  Atlantic 

Defense  Communication  Agency 
International  Business  Machines 
Corporation 
University  of  Michigan 
Teleos  Communications,  Inc. 

Rome  Research  Corporation 
Baxter  Healthcare  Corporation 
Schindler  Elevator  Corporation 
Johnson  & Johnson  Hospital 
Services,  Inc. 

Northern  Telecom 
DGM&S,  Inc. 

Bell  Communications  Research 

Loral  Aerospace 

COMSAT  Corporation 

Datacom,  Inc. 

Tekelec,  Inc. 


NIU-Forum 

NIU-Forum 

NIU-Forum 

NIU-Forum 

NIU-Forum 

NIU-Forum 

NIU-Forum 

NIU-Forum 

NIU-Forum 

NIU-Forum 

NIU-Forum 

NIU-Forum 

NIU-Forum 

NIU-Forum 

NIU-Forum 

NIU-Forum 

NIU-Forum 

NIU-Forum 

NIU-Forum 

NIU-Forum 

NIU-Forum 

NIU-Forum 

NIU-Forum 

NIU-Forum 

NIU-Forum 

NIU-Forum 

Broadband  ISDN  Standards 
and  Technology 
Integrated  Services 
Digital  Network 
Integrated  OSI,  ISDN,  and 
Security  Program 
Test  and  Demonstrate  ISDN 
Protocols  and  Services 
EDI  and  ISDN 
X-25  Standards  Tests 
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RESEARCH  PARTNER 


PROJECT 


Multimedia  Technology 

Interactive  Multimedia  Association 

Multimedia  Forum 

Open  Systems  and  Networks 

Aeronautical  Radio,  Inc. 

(ARINC) 

Network  Management  Testbed 

Corporation  for  Open  Systems 

GOSIP 

Software  Standards  Validation 

Washington  Software  Technologies, 

Inc. 

Basic  Test  Suite 

Speech  Research 

NYNEX  Corporation 

N-TIMET  Database 

Parallel  Processing  Research 

Convex  Computer  Corporation 

MULTI KRON  Project 
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GUEST  RESEARCHERS  FY  1991 


Guest  Scientists  and  Research  Associates  26 

Organizations  represented  included: 

Bellcore 

Environmental  Protection  Agency 

Institute  of  Geology,  Beijing,  China 

Institut  National  Des  Telecommunications,  France 

International  Business  Machines 

International  Computers  Ltd.,  United  Kingdom 

National  Science  Foundation 

Northeast  University  of  Technology 

Armament  Development  Authority,  Rafael,  Haifa,  Israel 

Space  Science  & Tech  Center,  Chinese  Academy  of  Science 

Sun  Microsystems 

Swedish  Telecom  & Scholarship 

Telecommunications  Laboratory,  Ministry  of  Communications,  Taiwan 
University  of  Bordeaux,  France 
University  of  Twente,  Netherlands 

Washington  Software  Technologies  Inc.,  Annandale,  VA 


Faculty  Appointments  6 

University  of  Maryland,  College  Park,  MD 
University  of  Maryland,  Baltimore,  MD 
University  of  Pittsburgh 
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NIST  SPEC.  PUB. 

500-159 

500-160 

500-161 

500-162 

500-163 

500-164 

500-165 

500-166 


NIST  PUBLICATIONS 

NIST  COMPUTER  SYSTEMS 
TECHNOLOGY  SERIES 
FY  1989  ■ FY  1991 

TITLE 

Data  Administration:  Management  and  Practice  - Proceedings  of  the  First  DAMA 
Symposium 

Judith  J.  Newton  and  Frankie  E.  Spielman,  Editors 
SN  003-003-02901-7  $7.00  Oct  1988 

Report  of  the  Invitational  Workshop  on  Integrity  Policy  in  Computer  Information 
Systems  (WIPCIS) 

Stuart  W.  Katzke  and  Zella  R.  Ruthberg,  Editors 
SN  003-003-02904-1  $11.00  Jan  1989 

Software  Configuration  Management:  An  Overview 
By  Wilma  Osborne 

SN  003-003-02927-1  $2.00  Mar  1989 

Stable  Implementation  Agreements  for  Open  Systems  Interconnection  Protocols  - 

Version  2,  Edition  1 

Tim  Boland,  Workshop  Chairman 

SN  003-003-02921-1  $26.00  Dec  1988 

Government  Open  Systems  Interconnection  Users'  Guide 
By  Tim  Boland 

PB  90-1 11212  $23.00  Aug  1989 

Electronic  Publishing:  Guide  to  Selection 
By  Lynne  Rosenthal 

SN  003-003-02938-6  $2.50  Jun  1989 

Software  Verification  and  Validation:  Its  Role  in  Computer  Assurance  arid  Its 
Relationship  with  Software  Product  Management  Standards 
By  Dolores  Wallace  and  Roger  Fujii 
SN  003-003-02959-9  $2.25  Sep  1989 

Computer  Viruses  and  Related  Threats:  A Management  Guide 
By  John  P.  Wack  and  Lisa  J.  Carnahan 
SN  003-003-02955-6  $2.50  Aug  1989 


SN  numbers  - stocked  by  GPO 
PB  numbers  - stocked  by  NTIS 
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NIST  SPEC.  PUB. 

500-167 

500-168 

500-169 

500-170 

500-171 

500-172 

500-173 

500-174 

500-175 


500-176 


TITLE 

Information  Management  Directions:  The  Integration  Challenge 
By  Elizabeth  N.  Fong  and  Alan  H.  Goldline 
SN  003-003-02973-4  $9.00  Sep  1989 

Report  of  the  Invitational  Workshop  on  Data  Integrity 
By  Zella  G.  Ruthberg  and  William  T.  Polk 
SN  003-003-02966-1  $20.00  Sep  1989 

Executive  Guide  to  the  Protection  oj  Information  Resources 
By  Cheryl  Helsing,  Marianne  Swanson,  and  Mary  Anne  Todd 
SN  003-003-02969-6  $1.50  Oct  1989 

Management  Guide  to  the  Protection  of  Information  Resources 
By  Cheryl  Helsing,  Marianne  Swanson,  and  Mary  Anne  Todd 
SN  003-003-02968-8  $1.75  Oct  1989 

Computer  Users'  Guide  to  the  Protection  of  Information  Resources 
By  Cheryl  Helsing,  Marianne  Swanson,  and  Mary  Anne  Todd 
SN  003-003-02970-0  $1.00  Oct  1989 

Computer  Security  Training  Guidelines 
By  Mary  Anne  Todd  and  Constance  Guitian 
SN  003-003-02975-1  $2.50  Nov  1989 

Guide  to  Data  Administration 

By  Bruce  K.  Rosen  and  Margaret  H.  Law 

SN  003-003-02967-0  $4.25  Oct  1989 

Guide  for  Selecting  Automated  Risk  Analysis  Tools 
By  Irene  E.  Gilbert 

SN  003-003-02971-8  $2.00  Oct  1989 

Management  of  Networks  Based  on  Open  Systems  Interconnection  (OSI) 
Standards:  Functional  Requirements  and  Analysis 

By  Robert  Aronoff,  Michael  Chemick,  Karen  Hsing,  Kevin  Mills,  and  Daniel 
Stokesberry 

SN  003-003-02986-6  $7.00  Nov  1989 

Introduction  to  Heterogeneous  Computing  Environments 
By  John  Barkley  and  Karen  Olsen 
PB  90-154774  $11.00  Nov  1989 


SN  numbers  - stocked  by  GPO 
PB  numbers  - stocked  by  NT1S 
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NIST  SPEC.  PUB. 

500-177 

500-178 

500-179 

500-180 

500-181 

500-182 

500-183 

500-184 

500-185 

500-186 


TITLE 

Stable  Implementation  Agreements  for  Open  Systems  Interconnection  Protocols, 
Version  3,  Edition  1 , Dec  1 989 
Tim  Boland.  Workshop  Chairman 
SN  003-003-02995-5  $31.00  Dec  1989 

Proceedings  of  the  Hypertext  Standardization  Workshop.  January  16-18,  1 990 
By  J.  Moline,  D.  Benigni,  and  J.  Baronas 
SN  003-003-02998-0  $14.00  Mar  1990 

Object  Database  Management  Systems:  Concepts  and  Features 
By  C.  Dabrowski,  E.  Fong,  and  D.  Yang 
SN  003-003-03007-4  $3.75  Apr  1990 

Guide  to  Software  Acceptance 

By  Dolores  Wallace  and  J.  Chemiavsky 

SN  003-003-03008-2  $2.50  Apr  1990 

PHIGS  Validation  Tests  (Version  1.0):  Design  Issues 
By  John  Cugini,  Mary  T.  Gunn,  and  Lynne  S.  Rosenthal 
SN  003-003-03028-7  $1.75  Jul  1990 

Guidelines  for  the  Evaluation  of  Message  Handling  Systems  Implementation 
By  Steve  Trus,  Curtis  Royster,  and  Paul  Markovitz 
PB  90-269598  $23.00  Aug  1990 

Stable  Implementation  Agreements  for  Open  System  Interconnection  Protocols, 

Version  4,  Edition  1 , December  1 990 

Tim  Boland,  Workshop  Chairman 

SN003-0 15-00000-4  $50.00  Dec  1990 

Functional  Benchmarks  for  Fourth  Generation  Languages 
By  Martha  M.  Gray  and  Gaiy  E.  Fisher 
SN003-003-0307 1 -6  $3.25  Mar  1991 

Guide  to  Design.  Implementation  and  Management  of  Distributed  Databases 
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Use  of  the  IRDS  Standard  in  CALS 
By  David  K.  Jefferson  and  Cita  M.  Furlani 
September  1989  PB91- 132209  $15.00 
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Roback,  Edward;  Computer  Security  Roles  of  NIST  and  NSA.  CSL  Bulletin. 
February  1991. 

Roback,  Edward:  FIPS  140  - A Standard  in  Transition,  CSL  Bulletin.  April 
1991. 

Radaek,  Shirley;  The  Gosip  Testing  Program.  CSL  Bulletin.  May  1991. 
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of  the  IEEE,  Vol.  79,  No.  2.  Februaiy  1991. 
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Progress  and  Outlook.  Worldwide  Recognition  of  OSI  Test  Results  Workshop 
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Harman,  D.;  User-Friendly  Systems  Instead  of  User-Friendly  Front-Ends. 
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file (GNMP).  Proceedings  of  IEEE  MILCOM  ’91  Conference. 

Moline,  Judi;  Using  Standards  to  Facilitate  Access  and  Reuse  of  Informa- 
tion. Proceedings  of  ICHIM ’91. 
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CONFERENCES  AND  WORKSHOPS 


1990 

October  1-4 

October  2-4 

October  11-12 
October  15 
October  23 
October  24-25 
October  29 
November  5-8 
November  15 
December  10-14 
December  17 

1991 

January  17-18 

January  22-23 
February  12 
February  20-21 
Feb  26-Mar  1 
March  11-15 
March  22 
April  9-10 
May  2-3 


October  1990  - December  1991 

13th  National  Computer  Security  Conference  (cosponsored  by  the  National 
Computer  Security  Center  [NCSC]) 

6th  International  Conference  on  the  Application  of  Standards  for  Open  Systems 
(cosponsored  by  the  Institute  of  Electrical  and  Electronics  Engineers  (IEEE) 
and  the  IEEE  Computer  Society) 

Workshop  on  Integrated  Software  Engineering  Environments  (ISEE) 

Workshop  on  Formatted  Document  Recognition 
Lecture  Series  on  High  Integrity  Systems 
Department  of  Defense  Electronic  Data  Interchange 
Multimedia  Systems  Workshop 
North  American  ISDN  Users'  Forum 

Applications  Portability  Profile/Open  Systems  Environment  (APP/OSE)  Workshop 
OSI  Implementors  Workshop  (cosponsored  by  the  IEEE  Computer  Society) 
Lecture  Series  on  High  Integrity  System 

International  Workshop  on  Conformance  Testing  of  Programming  Language 
Standards 

Workshop  on  the  Assurance  of  High  Integrity  Software 
Lecture  Series  on  High  Integrity  Systems 
Computer  Security  Educators  Conference 
North  American  ISDN  Users’  Forum 

OSI  Implementors  Workshop  (cosponsored  by  the  IEEE  Computer  Society) 
Lecture  Series  on  High  Integrity  Systems 
Workshop  on  Security  Labels  for  Open  Systems 
Department  of  Defense  Electronic  Data  Interchange 
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May  6-8 

Worldwide  Recognition  of  OSI  Test  Results  (cosponsored  by  the  International 

Organization  for  Standardization  and  the  International  Electrotechnical  Commission) 

May  9 

Applications  Portability  Profile/Open  Systems  Environment  (APP/OSE)  Workshop 

May  14-15 

Fourth  Annual  Data  Administration  Management  Association  (DAMA) 
Symposium  (cosponsored  by  DAMA  National  Capital  Region) 

June  3 

Lecture  Series  on  High  Integrity  Systems 

June  10-14 

OSI  Implementors  Workshop  (cosponsored  by  the  IEEE  Computer  Society) 

June  17 

Workshop  on  X.400  in  the  Federal  Government 

June  17-20 

North  American  ISDN  Users’  Forum 

June  20 

29th  Association  for  Computing  Machineiy  (ACM)  Annual  Technical  Symposium 

June  24-28 

6th  Annual  Conference  on  Computer  Assurance  (COMPASS  ’91)  (cosponsored 
by  the  IEEE  National  Capital  Area  Council  and  the  IEEE  Aerospace  and 
Electronic  Systems  Society) 

August  5 

Workshop  on  Monitoring  and  Reporting  Techniques  for  Error  Rates  and  Error 
Distributions  in  Optical  Disk  Systems 

August  6-8 

Risk  Management  Workshop 

September  9-13 

OSI  Implementors  Workshop  (cosponsored  by  the  IEEE  Computer  Society) 

September  27 

Hypermedia  Lecture  Series 

October  1-4 

North  American  ISDN  Users’  Forum 

October  1-4 

14th  National  Computer  Security  Conference  (cosponsored  by  NCSC) 

October  1 1 

Lecture  Series  on  High  Integrity  Software 

October  1 1 

Lecture  on  Object-Oriented  Databases 

November  8 

Hypermedia  Lecture  Series 

November  8 

Lecture  Series  on  High  Integrity  Software 

November  12 

Applications  Portability  Prolile/Open  Systems  Environment  (APP/OSE)  Workshop 

November  18 

Computer  Security  Awareness  Seminar 

December  2 

Computer  Security  Day 

December  3 

Lecture  Series  on  High  Integrity  Systems 

December  9-13 

OSI  Implementors  Workshop  (cosponsored  by  the  IEEE  Computer  Society) 
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PLANNED  CONFERENCES  AND  WORKSHOPS 


1992 


January  24 

Hypermedia  Lecture  Series 

February  14 

Lecture  Series  on  High  Integrity  Systems 

February  18-21 

Spatial  Data  Transfer  Standard  Workshop 

February  25-28 

North  American  ISDN  Users’  Forum 

March  6 

Hypermedia  Lecture  Series 

March  9-13 

OSI  Implementors  Workshop  (cosponsored  by  the  IEEE  Computer  Society) 

April  3 

Lecture  Series  on  High  Integrity  Systems 

April  10 

Hypermedia  Lecture  Series 

April  27-29 

CD-ROM  Technical  Conference 

May  18 

Lecture  Series  on  High  Integrity  Systems 

June  2-5 

North  American  ISDN  Users’  Forum 

June  8-12 

OSI  Implementors  Workshop  (cosponsored  by  the  IEEE  Computer  Society) 

June  15-19 

COMPASS  ’92  (cosponsored  by  the  IEEE  National  Area  Council  and  the  IEEE 
Aerospace  and  Electronics  Systems  Society) 

September  21-25 

OSI  Implementors  Workshop  (cosponsored  by  the  IEEE  Computer  Society) 

October  27-30 

North  American  ISDN  Users’  Forum 

November  16-20 

Transcontinental  ISDN  Project  ’92 

December  14-18 

OSI  Implementors  Workshop  (cosponsored  by  the  IEEE  Computer  Society) 
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TALKS 


During  the  past  year,  CSL  staff  members  presented  papers  and  gave  talks  to  a 
large  number  of  external  organizations,  including  the  following: 

ACM/NIST  29th  Annual  Technical  Symposium 

American  Bar  Association 

American  National  Standards  Institute  (ANSI) 

American  Society  for  Industrial  Security 
Association  for  Computing  Machinery  (ACM) 

Association  for  Federal  Information  Resources  Management  (AFFIRM) 

Canadian  Communications  Security  Establishment 
Camegie-Mellon  University 
CASE  Expo,  Spring  1991 

COMPASS’91,  Annual  Conference  on  Computer  Assurance 
Computer-aided  Acquisition  and  Logistic  Support  (CALS)  Expo’9 1 
Conference  and  Exposition 
Computer  Security  Institute 
Computer  Integrated  Manufacturing  Conference 
Computer  Networks  ’9 1 
Corporation  for  Open  Systems 

Data  Administration  Management  Association  (DAMA) 

DARPA 

Data  Interchange  Standards  Association 
Data  Processing  Management  Association 
DECUS  Symposium 

Defense  & Government  Computer  Graphics  Conference 
Defense  Finance  and  Accounting  Service 
Department  of  Commerce,  Bureau  of  the  Census 
Department  of  Defense 
Department  of  Health  and  Human  Services 

Eastern  Small  College  Computing  Conference 
EDI  and  Government  Computer  News  Conference 
EDP  Auditors  Association 
Entity-Relationship  User’s  Group 

Federal  ADP  Users  Group 
Federal  Computer  Conference 

Federation  of  Government  Information  Processing  Councils 

Geographic  Information  and  Spacial  Data  Exposition  and  Conference 
George  Washington  University 

Government  Technology  Conference  and  Exposition 
Graphics  Users  Workshop 
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Hewlett-Packard 

Honeywell  Federal  Systems  Division 

Information  Systems  Security  Association  (ISSA)  ’9 1 
INFORUM 

Institute  for  Supercomputing  Research  of  Japan 
Institute  of  Electrical  and  Electronics  Engineers  (IEEE) 

Institute  of  Engineers,  Australia  Conference 

Institut  National  de  Telecommunications,  Evry,  France 

Interagency  Working  Group  on  Management  of  Data  for  Global  Change 

Internal  Revenue  Service 

International  Conference  on  Research  and  Development  in 
Information  Retrieval 

International  Data  Administration  Symposium 
International  Joint  Conference  on  Neural  Networks  '91 
International  Neural  Network  Society 
INTEROP  '91 

Joint  Data  Standardization  Conference 

Joint  International  Conference  on  Vector  and  Parallel  Processing, 
Zurich,  Switzerland 

Los  Alamos  National  Laboratory 

MAP/TOP  Users  Group 
MITRE  Corporation 

National  Aeronautics  and  Space  Administration 
National  Archives  and  Records  Administration 
National  Association  of  State  Election  Directors 
National  Communications  Forum,  Chicago 
National  Computer  Graphics  Association 
National  Computer  Security  Center 
National  Computer  Security  Conference 
National  Contract  Management  Association 
National  Endowment  for  the  Humanities 
National  Science  Foundation 
National  Security  Industrial  Association 
Naval  Surface  Warfare  Center 

NIST  Applications  Portability  Profile/Open  Systems  Environment 
(APP/OSE)  Workshops 
NIST  Fingerprint  Image  Analysis  Workshop 
NIST  OSI  Implementors  Workshop  (OIW) 

North  American  Integrated  Services  Digital  Network  Users’  Forum 
(NIU-Forum) 
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Ohio  Supercomputing  Research  Center 
Open  Software  Foundation 

Quality  Assurance  Institute 

Second  National  Conference  on  Optical  Storage  Laws  and 
Regulations 

Sixth  International  Conference  on  Standards  for  Open  Systems 
Smithsonian  Seminar  on  Scientific  Imaging 
Software  AG  Federal  Industry  Group 

Standards  for  Computer  Integrated  Manufacturing  Conference 
Supercomputer  Technology  Conference 

Symposium  on  High-Speed  Telecommunications  and  Integrated 
Hospital  Imagery 

Tenth  International  IFIP  WG6. 1 Symposium  on  Protocol 
Specification,  Testing,  and  Verification 
Thirteenth  International  Conference  on  Research  and  Development 
in  Information  Retrieval 

Unigraphics  Users  Group 
University  of  Arizona 
University  of  Maryland 
UNIX  International 

X/OPEN 
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ELECTRONIC  BULLETIN  BOARDS 


CSL  operates  four  electronic  bulletin  boards  for  information  exchange: 


Information  about  computer  security 
9600  baud  only 


(301)  948-5717 
(301)  948-5140 


Information  about  data  management 
activities  and  applications 


(301)  948-2048 
and  948-2059 


Information  about  Open  Systems  (301)  869-8630 

Interconnection  standards  activities 


Information  about  the  North  American 
Integrated  Services  Digital  Network 
(ISDN)  Users’  Forum  (NIU-Forum) 

NIST  operates  the  following  bulletin  board: 

Information  about  the  Computer-aided 
Acquisition  and  Logistic  Support  (CALS) 
Program 


(301)  869-7281 


(301)  921-9842 
and  948-7438 


Users  can  reach  the  bulletin  boards  by  dialing  the  numbers  listed  above. 
Terminals  should  have  the  following  capabilities: 

ASCII,  300,  1200,  or  2400  baud  (9600  baud  available  for  computer  security 
bulletin  board  only),  8 bits  with  no  parity  or  7 bits  with  even  parity,  1 stop  bit. 

If  a connection  is  not  established  at  the  end  of  two  rings  or  if  the  line  is  busy, 
hang  up  and  try  again. 

After  “CONNECT,”  strike  the  carriage  return  twice  and  the  system  will  be 
accessed.  The  system  will  now  guide  you  through  the  bulletin  board  by  asking 
key  questions  and  providing  helpful  menus. 
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USER  GROUPS  SPONSORED  BY  CSL 


The  Open  Systems  Interconnection  (OSI)  Implementors  Workshop  (OIW)  meets 
four  times  a year  to  discuss  detailed  implementation  specifications  for  OSI  standards. 

CONTACT:  Tim  Boland 

B-217  Technology  Building 

National  Institute  of  Standards  and  Technology 

Gaithersburg,  MD  20899 

Telephone:  (301)  975-3608 


The  joint  ISDN  Users’  Workshop  and  ISDN  Implementors'  Workshop  of  the 
North  American  ISDN  Users’  Forum  (NIU-Forum)  meets  three  times  a year  to 
address  application  requirements  and  to  develop  application  profiles  for  ISDN 
products  and  services. 

CONTACT:  Dawn  Hoffman 

B-364  Materials  Building 

National  Institute  of  Standards  and  Technology 
Gaithersburg,  MD  20899 
Telephone:  (301)  975-2937 


The  Applications  Portability  Profile/Open  System  Environment  (APP/OSE) 
User  Forum  meets  twice  a year  to  identify  federal  requirements  and  to  discuss 
the  development  of  an  architectural  approach  to  applications  portability  in  an 
open  system  environment. 

CONTACT:  James  Hall 

B-266  Technology  Building 

National  Institute  of  Standards  and  Technology 

Gaithersburg,  MD  20899 

Telephone:  (301)  975-3273 


The  Graphics  in  Government  (GIG)  Users’  Group  focuses  on  the  specific  and 
unique  graphics  technology  needs  of  federal  agencies,  increases  communica- 
tion among  agencies,  and  advises  government  managers  and  users  about  cur- 
rent and  planned  activities  to  assist  agencies  in  the  area  of  graphics  technology 
and  standards. 

CONTACT:  Daniel  Benigni 

A-266  Technology  Building 

National  Institute  of  Standards  and  Technology 

Gaithersburg,  MD  20899 

Telephone:  (301)  975-3266 
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FIPS  NO. 
0 

1-2 

2-1 

3- 1 

4- 1 

5- 2 

6- 4 

7 

8- 5 

9- 1 


FIPS  PUBLICATIONS  LIST 
BY  FIPS  NUMBER 

1991  December 


CATEGORY 

(1)  P 

(2&3)  S 

(2)  S 

(2)  S 

(4)  S 

(4)  S 

(4)  S 


(4)  S 


(4)  S 


TITLE-DATE 

General  Description  of  FIPS  Register 
68  Nov  01 

Code  for  Information  Interchange,  Its 
Representations,  Subsets,  and  Extensions 
(ANSI  X3.4- 1977,  X3.32-1973,  X3.41-1974) 

84  Nov  14 

Perforated  Tape  Code  for  Information  Inter- 
change (ANSI  X3.6-  1965/R1983  & R1991) 

84  Nov  14 

Recorded  Magnetic  Tape  for  Information  Inter- 
change (800  CPI,  NRZI)  (ANSI  X3.22-1973) 

73  June  30 

Representation  for  Calendar  Date  and  Ordinal 
Date  for  Information  Interchange 
(ANSI  X3.30-1985/R1991) 

88  Jan  27 

Codes  for  the  Identification  of  the  States,  the 
District  of  Columbia  and  the  Outlying  Areas  of 
the  United  States,  and  Associated  Areas 
87  May  28 

Counties  and  Equivalent  Entities  of  the 

United  States,  Its  Possessions,  and  Associated  Areas 

90  Aug  31 

WITHDRAWN 

Metropolitan  Statistical  Areas  (MSAs)  (Including 
CMSAs,  PMSAs,  and  NECMAs) 

84  Oct  31 

Congressional  Districts  of  the  U.S. 

90  Nov  30 


CHANGE  NOTICES 


1 


1 

1 


6 


Category  Key:  (1)  General  Publications  (2)  Hardware  Standards/guidelines  (3)  Software 
Standards/guidelines  (4)  Data  Standards/guidelines  (5)  Computer  Security 
Standards/guidelines  (6)  ADP  Operations  Standards/guidelines  (7)  Computer- Related 
Telecommunications  Standards  (8)  Conformance  Tests 

S-Standard  G-Guideline  P-Program  Information  Document  T-Conformance  Tests 
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FIPS  NO. 

CATEGORY 

TITLE-DATE 

CHANGE  NOTICES 

10-3 

(4)  S 

Countries,  Dependencies,  Areas  of  Special 

Sovereignty,  and  Their  Principal  Admin.  Divs. 

84  Feb  09 

10 

*11-3 

(3)  G 

Guideline:  Amencan  National  Dictionary  for  Inform. 
Systems  (ANSI  X3. 172- 1990) 

91  Feb  01 

12-2 

WITHDRAWN 

1 

13 

(2)  S 

Rectangular  Holes  in  Twelve-Row  Punched  Cards 
(ANSI  X3.21-1967/R1980  & R1991) 

71  Oct  01 

14-1 

(2)  S 

Hollerith  Punched  Card  Code  (ANSI  X3.26-1980/R1991) 

80  Dec  24 

15 

WITHDRAWN 

1 

16-1 

(7)  S 

Bit  Sequencing  of  Code  for  Information  Inter- 
change in  Serial-By-Bit  Data  Transmission 
(ANSI  X3. 15-  1976/R1983  & R1990) 

77  Sept  01 

17-1 

(7)  S 

Character  Structure  and  Char.  Parity  Sense  for 
Serial-By-Bit  Data  Communication  in  the  Code  for 

Inform.  Interchg.  (ANSI  X3.16-1976/R1983  & R1990) 

77  Sept  01 

18-1 

(6)  S 

WITHDRAWN 

1 

19-1 

(4)  G 

Catalog  of  Widely  Used  Code  Sets 

85  Jan  07 

2 

20 

WITHDRAWN 

1 

*21-3 

(3)  S 

COBOL  (ANSI  X3.23-1985  & X3.23A-1989) 

90  Jan  12 

1 

‘Approved  in  1991 

Category  Key:  (1)  General  Publications  (2)  Hardware  Standards/guidelines  (3)  Software 
Standards/guidelines  (4)  Data  Standards/guidelines  (5)  Computer  Security 
Standards/guidelines  (6)  ADP  Operations  Standards/guidelines  (7)  Computer- Related 
Telecommunications  Standards  (8)  Conformance  Tests 

S-Standard  G-Guideline  P- Program  Information  Document  T-Conformance  Tests 
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FIPS  NO. 

CATEGORY 

TITLE-DATE 

CHANGE  NOTICES 

22-1 

(7)  S 

Synchronous  Signaling  Rates  Between  Data 

Terminal  and  Data  Communication  Equip. 

(ANSI  X3. 1-1976) 

77  Sept  01 

23 

WITHDRAWN 

1 

24 

WITHDRAWN 

1 

25 

(2)  S 

Recorded  Magnetic  Tape  for  Information  Interchg. 

(1600  CPI.  Phase  Encoded)  (ANSI  X3.39-1973) 

73  June  30 

26 

(2)  S 

One-Inch  Perforated  Paper  Tape  for  Information 

Interchange  (ANSI  X3.18-1967/R1974&1982  & 1990) 

73  June  30 

27 

(2)  S 

Take-Up  Reels  for  One-Inch  Perforated  Tape  for 

Information  Interchg.  (ANSI  X3.20-1967/R1982  & 1990) 

73  June  30 

28 

(4)  P 

Standardization  of  Data  Elements  and  Representations 

73  Dec  05 

1 

29-2 

(1&3)  P 

Interpretation  Procedures  for  Federal  Information 
Processing  Standards  for  Software 

87  Sept  14 

30 

(3)  S 

Software  Summary  for  Describing  Computer  Programs 
and  Automated  Data  Systems 

74  June  30 

31 

(5)  G 

Guidelines  for  Automatic  Data  Processing  Physical 

Security  and  Risk  Management 

74  June — 

32-1 

(2)  S 

Character  Sets  for  Optical  Char.  Recognition  (OCR) 

(ANSI  X3.2-1970/R1976.X3. 17-  1981/R1989,  X3.49-1975/ 

R1982  & 1989) 

82  June  25 

33-1 

(2)  S 

Character  Set  for  Handprinting  (ANSI  X3.45-1982/R1989) 
84  Nov  05 

Category  Key:  (1)  General  Publications  (2)  Hardware  Standards/guidelines  (3)  Software 
Standards/guidelines  (4)  Data  Standards/guidelines  (5)  Computer  Security 
Standards /guidelines  (6)  ADP  Operations  Standards/guidelines  (7)  Computer-Related 
Telecommunications  Standards  (8)  Conformance  Tests 

S-Standard  G-Guideline  P- Program  Information  Document  T-Conformance  Tests 
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FIPS  NO.  CATEGORY 


TITLE-DATE 


CHANGE  NOTICES 


34 

35 

36 

37 

38 


39 

40 

41 


42-1 


43 

44 

45 


46-1 

47 

48 


(1)  P Guide  for  the  Use  of  International  System  of  Units  (SI)  in 

Federal  Information  Processing  Standards  Publications 

75  Jan  01 

WITHDRAWN 

WITHDRAWN 

WITHDRAWN 

(3)  G Guidelines  for  Documentation  of  Computer  Programs 

and  Automated  Data  Systems 

76  Feb  15 

(5)  G Glossary  for  Computer  Systems  Security 
76  Feb  15 

(2)  G Guideline  for  Optical  Character  Recognition  Forms 

76  May  01 

(5)  G Computer  Security  Guidelines  for  Implementing  the 

Privacy  Act  of  1974 

75  May  30 

(6)  G Guidelines  for  Benchmarking  ADP  Systems  in  the 

Competitive  Procurement  Environment 

77  May  15 

WITHDRAWN 

WITHDRAWN 

(4)  G Guide  for  the  Development,  Implementation  & Mainte- 

nance of  Standards  for  the  Representation  of  Computer 
Processed  Data  Elements 

76  Sept  30 

(5)  S Data  Encryption  Standard 

88  Jan  22 

WITHDRAWN 

(5)  G Guidelines  on  Evaluation  of  Techniques  for  Automated 
Personal  Identification 

77  Apr  01 


1 

1 

1 


1 

1 


1 


Category  Key:  (1)  General  Publications  (2)  Hardware  Standards/guidelines  (3)  Software 
Standards/guidelines  (4)  Data  Standards/guidelines  (5)  Computer  Security 
Standards/guidelines  (6)  ADP  Operations  Standards/guidelines  (7)  Computer-Related 
Telecommunications  Standards  (8)  Conformance  Tests 

S-Standard  G-Guideline  P-Program  Information  Document  T-Conformance  Tests 
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FIPS  NO. 

49 

50 

51 

52 

53 

*54-1 

55DC-4 

55-2 

56 

57 


CATEGORY 
(6)  G 


(2)  S 


(2)  S 


(2)  S 


(3)  S 


(2)  S 


(4)  G 


(4)  G 


TITLE-DATE  CHANGE  NOTICES 

Guideline  on  Computer  Performance  Management: 

An  Introduction 

77  May  01 

Recorded  Magnetic  Tape  for  Information  Interchange, 

6250  cpi  (246  cpmm).  Group  Coded  Recording 
(ANSI  X3.54- 1976) 

78  Feb  01 

Magnetic  Tape  Cassettes  for  Information  Interchange 
(3.810  mm  [0.150  in]  Tape  at  32  bpmm  [800bpi],PE) 

(ANSI  X3.48- 1977) 

78  Feb  01 

Recorded  Magnetic  Tape  Cartridge  for  Inform.  Inter- 
change., 4-Track,  6.30  mm  (l/4in),  63  bpmm  (1600 
bpi).  Phase  Encoded  (ANSI  X3.56-1977) 

78  July  15 

Transmittal  Form  for  Describing  Computer  Magnetic 
Tape  File  Properties 
78  Apr  01 

Computer  Output  Microform  (COM)  Formats  and 
Reduction  Ratios,  16mm  and  105mm  (ANSI/AIIM  MS5-1991 
& MS14-1988) 

91  Jan  15 

Guideline:  Codes  for  Named  Populated  Places  Primary 
County  Divisions,  and  Other  Locational  Entities  of  the 
United  States  and  Outlying  Areas 

87  Jan  16  1 

Same  as  55DC  except  without  codes  1 

87  Feb  03 


(6)  G Guideline  for  Managing  Multivendor  Plug-Compatible 
ADP  Systems 
78  Sept  15 

(6)  G Guidelines  for  the  Measurement  of  Interactive 

Computer  Service  Response  Time  and  Turnaround  Time 
78  Aug  01 


‘Approved  in  1991 

Category  Key:  (1)  General  Publications  (2)  Hardware  Standards/guidelines  (3)  Software 
Standards/guidelines  (4)  Data  Standards/guidelines  (5)  Computer  Security 
Standards /guidelines  (6)  ADP  Operations  Standards/guidelines  (7)  Computer-Related 
Telecommunications  Standards  (8)  Conformance  Tests 

S-Standard  G-Guideline  P-Program  Information  Document  T- Conformance  Tests 
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FIPS  NO. 

CATEGORY 

TITLE-DATE 

CHANGE  NOTICES 

58-1 

(4)  S 

Representations  of  Local  Time  of  the  Day  for 

Information  Interchange  (ANSI  X3. 43- 1986) 

88  Jan  27 

59 

(4)  S 

Representations  of  Universal  Time,  Local  Time 
Differentials,  and  United  States  Time  Zone 

References  for  Information  Interchange 
(ANSI  X3.5 1-1975) 

79  Feb  01 

60-2 

(2)  S 

I/O  Channel  Interface 

83  July  29 

2 

61-1 

(2)  S 

Channel  Level  Power  Control  Interface 

82  July  13 

1 

62 

(2)  S 

Operational  Specification  for  Magnetic  Tape 

Subsystems 

79  Feb  16  2+F.R.  notice 

63-1 

(2)  S 

Operational  Specification  for  Variable  Block 

Rotating  Mass  Storage  Subsystems 

83  Apr  14 

1 

63-1  SUPPLEMENT 

Additional  Operational  Specs  for  VBRMSS 

83  Apr  14 

1 

64 

(3)  G 

Guidelines  for  Documentation  of  Computer  Programs 
and  Automated  Data  Systems  for  the  Initiation  Phase 

79  Aug  01 

65 

(5)  G 

Guideline  for  Automatic  Data  Processing  Risk  Analysis 

79  Aug  01 

66 

(4)  S 

Standard  Industrial  Classification  (SIC)  Codes 

79  Aug  15 

67 

(2)  G 

Guideline  for  Selection  of  Data  Entry  Equipment 

79  Sept  30 

68-2 

(3)  S 

BASIC  (ANSI  X3.1 13-1987) 

87  Aug  28 

69-1 

(3)  S 

FORTRAN  (ANSI  X3.9- 1978/R1989) 

85  Dec  24 

Category  Key:  (1)  General  Publications  (2)  Hardware  Standards/guidelines  (3)  Software 
Standards/guidelines  (4)  Data  Standards/guidelines  (5)  Computer  Security 
Standards/guidelines  (6)  ADP  Operations  Standard  s/guidelines  (7)  Computer- Related 
Telecommunications  Standards  (8)  Conformance  Tests 

S-Standard  G-Guideline  P-Program  Information  Document  T-Conformance  Tests 
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>1 

71 

72 

73 

74 

75 

76 

77 

78 

79 

80 

81 

82 


CATEGORY 

(4)  S 

(7)  S 

(6)  G 

(5)  G 

(5)  G 

(6)  G 

(3)  G 

(3)  G 

(7)  G 

(3)  S 

(5)  S 

(2)  G 


TITLE-DATE  CHANGE  NOTICES 

Representation  of  Geographic  Point  Locations  for 
Information  Interchange  (ANSI  X3. 61-1986) 

86  Nov  14 

Advanced  Data  Communication  Control  Procedures 
(ADCCP)  (ANSI  X3.66- 1979/R1990) 

80  May  14  1 

Guidelines  for  Measurement  of  Remote  Batch 
Computer  Service 
80  May  01 

Guidelines  for  Security  of  Computer  Applications 

80  June  30 

Guidelines  for  Implementing  and  Using  the  NBS  Data 
Encryption  Standard 

81  Apr  01 

Guideline  on  Constructing  Benchmarks  for  ADP  System 

Acquisitions 

80  Sept  18 

Guideline  for  Planning  and  Using  a Data  Dictionary  System 
80  Aug  20 

Guideline  for  Planning  and  Management  of  Database  Applications 
80  Sept  01 

Guideline  for  Implementing  Advanced  Data  Communication 
Control  Procs  (ADCCP) 

80  Sept  26 

Magnetic  Tape  Labels  and  F'ile  Structure  for  Information 
Interchange  (ANSI  X3.27-1978) 

80  Oct  17 

WITHDRAWN  1 

DES  Modes  of  Operation 

80  Dec  02  1 

Guideline  for  Inspection  and  Quality  Control  for 
Alphanumeric  Computer-Output  Microforms  (AIIM 
(NMA)  MS  1-1980) 

80  Sept  26 


Category  Key:  (1)  General  Publications  (2)  Hardware  Standards/guidelines  (3)  Software 
Standards/guidelines  (4)  Data  Standards/guidelines  (5)  Computer  Security 
Standards/guidelines  (6)  ADP  Operations  Standards/guidelines  (7)  Computer- Related 
Telecommunications  Standards  (8)  Conformance  Tests 

S-Standard  G-Guideline  P-Program  Information  Document  T-Conformance  Tests 
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TITLE- DATE 


CHANGE  NOTICES 


FIPS  NO.  CATEGORY 
83  (5)  G 


84 


85 


(2)  S 

(2)  S 


86 


(2)  S 


87 


88 


(5)  G 

(3)  G 


89 


(2)  S 


90 


(2)  G 


91 

92 


(4)  G 


93 


(2)  S 


94  (2)  G 


Guideline  on  User  Authentication  Techniques  for 
Computer  Network  Access  Control 
80  Sept  29 

Microfilm  Readers  (ANSI/AIIM(NMA)  MS20-1979) 

80  Oct  31 

Optical  Character  Recognition  (OCR)  Inks  (ANSI 
X3.86-  1980/R1987) 

80  Nov  07 

Additional  Controls  for  Use  with  Amer.  Natl.  Std. 

Code  for  Inform.  Interchg.  (ANSI  X3.64-1979/R1990) 

81  Jan  29 

Guidelines  for  ADP  Contingency  Planning 
81  Mar  27 

Guideline  on  Intregity  Assurance  and  Control  in  Database 

Administration 

81  Aug  14 

Optical  Character  Recognition  (OCR)  Character  Positioning 
(ANSI  X3.93M-1981/R1989) 

81  Sept  04 

Guideline  for  Optical  Character  Recognition  (OCR) 

Print  Quality  (ANSI  X3.99-1983/R1991) 

83  Sept  29 

WITHDRAWN 

Guideline  for  Standard  Occupational  Classification 
(SOC)  Codes 
83  Feb  24 

Parallel  Recorded  Magnetic  Tape  Cartridge  for  InformationI 
nterchange,  4-Track,  6.30  mm  (1/4  in),  63  bpmm  (1600  bpi). 
Phase  Encoded  (ANSI  X3.72-1981/R1987) 

82  June  29 

Guideline  on  Electrical  Power  for  ADP  Installations 

83  Sept  2 1 


2 


1 


Category  Key:  (1)  General  Publications  (2)  Hardware  Standards/guidelines  (3)  Software 
Standards/guidelines  (4)  Data  Standards/guidelines  (5)  Computer  Security 
Standards/guidelines  (6)  ADP  Operations  Standards/guidelines  (7)  Computer-Related 
Telecommunications  Standards  (8)  Conformance  Tests 

S-Standard  G-Guideline  P- Program  Information  Document  T-Conformance  Tests 
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FIPS  NO. 

95 

96 

97 

98 

99 

*100-1 


101 

102 

103 


104-1 


CATEGORY 
(4)  S 

(6)  G 

(2)  S 


(3)  G 

(7)S 


(3)  G 

(5)  G 

(4)  S 

(4)  S 


TITLE-DATE 

Codes  for  the  Identification  of  Federal  and  Federally- 
Assisted  Organizations 
82  Dec  23 

Guideline  for  Developing  and  Implementing  a 
Charging  System  for  Data  Processing  Services 

82  Dec  06 

Operational  Specifications  for  Fixed  Block  Rotating 
Mass  Storage  Subsystems 

83  Feb  04 

WITHDRAWN 

Guideline:  A Framework  for  the  Evaluation  and 
Comparison  of  Software  Development  Tools 
83  Mar  31 

Interface  Between  Data  Terminal  Equipment  (DTE) 
and  Data  Circuit-Terminating  Equipment  (DCE) 
for  Operation  with  Packet- Switched  Data 
Networks  (PSDN),  or  Between  Two  DTEs,  by  Dedicated 
Circuit  (ANSI  X3. 100- 1989) 

91  Mar  20 

Guideline  for  Lifecycle  Validation,  Verification, 
and  Testing  of  Computer  Software 
83  June  06 

Guideline  for  Computer  Security  Certification  and 

Accreditation 

83  Sept  27 

Codes  for  the  Identification  of  Hydrologic  Units 
in  the  United  States  and  the  Caribbean  Outlying 
Areas  (USGS/CIRCULAR  #878-A&  ANSI  X3. 145- 1986) 
83  Nov  15 

ANS  Codes  for  the  Representation  of  Names  of 
Countries,  Dependencies,  and  Areas  of  Special 
Sovereignty  for  Information  Interchange 
86  May  12 


CHANGE  NOTICES 


24 


1 

2 


1 


‘Approved  in  1991 

Category  Key:  (1)  General  Publications  (2)  Hardware  Standards/guidelines  (3)  Software 
Standards/guidelines  (4)  Data  Standards/guidelines  (5)  Computer  Security 
Standards/guidelines  (6)  ADP  Operations  Standards/guidelines  (7)  Computer- Related 
Telecommunications  Standards  (8)  Conformance  Tests 

S-Standard  G-Guideline  P-Program  Information  Document  T-Conformance  Tests 
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FIPS  NO. 

105 

106 

107 

108 

109 

110 

111 

112 

113 

114 

115 


CATEGORY 
(3)  G 


TITLE -DATE 

Guideline  for  Software  Documentation  Management 
84  June  06 


(3)  G Guideline  on  Software  Maintenance 
84  June  15 


(2&3)  S Local  Area  Networks:  Baseband  Carrier  Sense  Multi- 
ple Access  with  Collision  Detection  Access  Method 
and  Physical  Layer  Specifications  and  Link  Layer 
Protocol  (ANSI/IEEE  802.2&802.3) 

84  Oct  31 

(2)  S Alphanumeric  Computer  Output  Microform  Quality 
Test  Slide  (AIIM  MS28-1983) 

84  Nov  05 


(3)  S Pascal  (ANSI/IEEE  770X3.97- 1983/R1990) 
85  Jan  16 


(3)  G Guideline  for  Choosing  a Data  Management  Approach 
84  Dec  1 1 


CHANGE  NOTICES 


(2)  S Storage  Module  Interfaces  (w/extens.  for  enhanced 
storage  module  interfaces)  (ANSI  X3.91M-1982) 

85  Apr  18  1 

(5)  S Password  Usage 
85  May  30 

(5)  S Computer  Data  Authentication 
85  May  30 

(2)  S 200  mm  (8in)  Flexible  Disk  Cartridge  Track  Format  Using 
Two-Frequency  Modulation  Recording  at  6631  bprad  on 
One  Side  - 1.9  tpmm  (48  tpi)  for  Information  Interchange 
(ISO  5654/2) 

85  Sept  30 

(2)  S 200  mm  (8in)  Flexible  Disk  Cartridge  Track  Format 
Using  Modified  Frequency  Modulation  Recording  at 
13262  bprad  on  Two-Sides  - 1.9  tpmm  (48  tpi)  for 
Information  Interchange  (ISO  7065/2) 

85  Sept  30 


Category  Key:  (1)  General  Publications  (2)  Hardware  Standards/guidelines  (3)  Software 
Standards/guidelines  (4)  Data  Standards/guidelines  (5)  Computer  Security 
Standards/guidelines  (6)  ADP  Operations  Standards/guidelines  (7)  Computer-Related 
Telecommunications  Standards  (8)  Conformance  Tests 

S-Standard  G-Guideline  P-Program  Information  Document  T-Conformance  Tests 
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116 

117 

118 

119 

!0-l 

121 

122 

123 

124 

125 

126 


CATEGORY 
(2)  S 


(2)  S 


(3)  S 

(3)  S 

(3)  S 

(2&3)  S 

(8)  T 

(3)  S 

(3)  G 

(3)  S 

(3)  S 


TITLE-DATE  CHANGE  NOTICES 

130  mm  (5.25  in)  Flexible  Disk  Cartridge  Track  Format 
Using  Two-Frequency  Recording  at  3979  bprad  on  One  Side 
-1.9  tpmm  (48  tpi)  for  InformationI  nterchange  (ISO  6596/2) 

85  Sept  30 

130  mm  (5.25  in)  Flexible  Disk  Cartridge  Track  Format 
Using  Modified  Frequency  Modulation  Recording  at 
7958  bprad  on  two  sides  - 1.9  tpmm  (48  tpi)  for 
Information  interchange  (ISO  7487/3) 

85  Sept  30 

Flexible  Disk  Cartridge  Labelling  and  File  Structure 
for  Information  Interchange  (ISO  7665) 

85  Sept  30 

Ada  (ANSI/MIL-STD-1815A-1983) 

85  Nov  08  1 

Graphical  Kernel  System  (GKS)  (ANSI  X3. 124- 1985. 

X3. 124. 1-1985.  X3. 124.2-1988,  X3. 124.3- 1989) 

91  Jan  08 

Videotex/Teletext  Presentation  Level  Protocol  Syntax 
(North  American  PLPS)  (ANSI  X3.1 10-1983(R1991)/ 

CS  T500-1983) 

86  May  06 

Conformance  Tests  for  FIPS  PUB  100  Version  of 
CCITT  1980  Recommendation  X.25,  etc. 

86  May  28 

Specification  for  a Data  Descriptive  File  for  Information 
Interchange  (DDF)  (ANSI/ISO  8211-1985) 

86  Sept  19 

Guideline  on  Functional  Specifications  for  Database 
Management  Systems 
86  Sept  30 

MUMPS  (ANSI/MDC  XI  1.1-1984) 

86  Nov  4 

Database  Language  NDL  (ANSI  X3. 133- 1986) 

87  Mar  10 


*Approved  in  1991 

Category  Key:  (1)  General  Publications  (2)  Hardware  Standards/guidelines  (3)  Software 
Standards/guidelines  (4)  Data  Standards/guidelines  (5)  Computer  Security 
Standards/guidelines  (6)  ADP  Operations  Standards/guidelines  (7)  Computer-Related 
Telecommunications  Standards  (8)  Conformance  Tests 
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TITLE-DATE 


CHANGE  NOTICES 


FIPS  NO. 
127-1 

128 

129 

130 

131 

132 

133 

134-1 

135 

136 

137 

138 


CATEGORY 
(3)  S 

(3)  S 

(2)  S 

(2)  S 

(2)  S 

(3)  G 

(7)  S 

(7)  S 

(7)  S 

(7)  S 

(7)  S 

(7)  S 


Database  Language  SQL 

(ANSI  X3. 135-1 989  &X3. 168- 1989) 

90  Feb  02 

Computer  Graphics  Metafile  (CGM)  (ANSI  X3. 122-1986) 

87  Mar  16 

Optical  Character  Recognition  (OCR)  - Dot  Matrix 
Character  Sets  for  OCR-MA  (ANSI  X3. 1 1 1 - 1986) 

87  May  06 

Intelligent  Peripheral  Interface  (IPI)  (ANSI  X3. 129-1986, 

X3. 130-1986,  X3. 132-1987,  and  X3.147-1987) 

87  July  16 

Small  Computer  System  Interface  (SCSI)  (ANSI  X3. 131-1986) 
87  July  16 

Guideline  for  Software  Verification  and  Validation 
Plans  (ANSI /IEEE  1012-1986) 

87  Nov  19 

Coding  and  Modulation  Requirements  for  2,400  Bit/ 

Second  Modems 
86  June  02 

Coding  and  Modulation  Requirements  for  4800  Bit/ 

Second  Modems 

88  Nov  04 

Coding  and  Modulation  Requirements  for  Duplex  9600 
Bit/Second  Modems 
81  March 

Coding  and  Modulation  Requirements  for  Duplex  600 
and  1200  Bit/Second  Modems 
80  June  16 

Analog  to  Digital  Conversion  of  Voice  by  2,400  Bit/ 

Second  Linear  Predictive  Coding 
84  Nov  28 

Electrical  Characteristics  of  Balanced  Voltage  Digital 
Interface  Circuits 
75  Sept  24 


1 


1 


Category  Key:  (1)  General  Publications  (2)  Hardware  Standards/guidelines  (3)  Software 
Standards/guidelines  (4)  Data  Standards/guidelines  (5)  Computer  Security 
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139 

140 

141 

142 

143 

144 

145 

16- 1 

147 

148 

149 

150 


CATEGORY 
(7)  S 

(7)  S 

(7)  S 

(7)  S 

(7)  S 

(7)  S 

(2&3)  S 

(7)  S 

(7)  S 

(7)  S 

(7)  S 


TITLE-DATE  CHANGE  NOTICES 

Interoperability  and  Security  Requirements  for  Use  of 
the  Data  Encryption  Standard  in  the  Physical  Layer 
of  Data  Communications 
83  Aug  3 

General  Security  Requirements  for  Equipment  Using 
the  Data  Encryption  Standard 
82  Apr  14 

Interoperability  and  Security  Requirements  for  Use  of 
the  Data  Encryption  Standard  with  CCITT 
Group  3 Facsimile  Equipment 
85  Apr  04 

Electrical  Characteristics  of  Unbalanced  Voltage 
Digital  Interface  Circuits 

80  Jan  31 

General  Purpose  37-Position  9-Position  Interface 

Between  Data  Terminal  Equipment  and  Data  Circuit-Terminating 

Equipment  (ELA-RS-449) 

85  June  10 

Data  Communication  Systems  and  Services  User- 
Oriented  Performance  Parameters  (ANSI  X3.102-1983/R1990) 

85  May  28 

WITHDRAWN 

Government  Open  Systems  Interconnection  Profile  (GOSIP) 

9 1 Apr  03 

Group  3 Facsimile  Apparatus  for  Document  Transmission 

81  Aug  19 

Procedures  for  Document  Facsimile  Transmission 
(EIA-RS-466) 

82  Apr  14 

General  Aspects  of  Group  4 Facsimile  Apparatus  (ELA-536-1988) 

88  Nov  04 

Facsimile  Coding  Schemes  and  Coding  Control  Functions  for 
Group  4 Facsimile  Apparatus  (EIA-538-1988) 

88  Nov  04 


* Approved  in  1991 
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TITLE-DATE 


CHANGE  NOTICES 


FIPS  NO.  CATEGORY 


151-1 

(3)  S 

POSIX:  Portable  Operating  System  Interface  for  Computer 
Environments  (IEEE  1003.1-1988) 

90  Mar  28 

152 

(3)  S 

Standard  Generalized  Markup  Language  (SGML)  (ISO  8879-1986) 
88  Sept  26 

153 

(3)  S 

Programmer’s  Hierarchical  Interactive  Graphics  SysteM  (PHIGS) 
(ANSI/ISO  9592.1-3:1989,  ANSI/ISO  9593.3:1990,  ISO/IEC 
9593.1:1990) 

88  Oct  14 

154 

(7)  S 

High  Speed  25-Position  Interface  for  Data  Terminal 

Equipment  and  Data  Circuit-Terminating  Equipment 
(EIA-530-1987) 

88  Nov  04 

155 

(7)  S 

Data  Communication  Systems  and  Services  User-Oriented 
Performance  Measurement  Methods 

(ANSI  X3. 14 1-1987) 

88  Nov  04 

156 

(3)  S 

Information  Resources  Dictionary  System  (IRDS) 

(ANSI  X3. 138- 1988) 

89  Apr  05 

157 

(2)  G 

Guideline  for  Quality  Control  of  Image  Scanners 

89  Sept  13  (ANSI/AIIM  MS44-1988) 

158 

(3)  S 

The  User  Interface  Component  of  the  Applications 

Portability  Profile  (MIT  X Version  1 1,  Release  3) 

90  May  29 

159 

(7)  S 

Detail  Specification  for  62.5-pM  Core  Diameter/  125-pM  Cladding 
Diameter  Class  la  Multimode,  Graded-Index  Optical  Waveguide 
Fibers  (ANSI/ELA/TIA-492AAAA-1989) 

90  Dec  27 

*160 

(3)  S 

C (ANSI  X3. 159- 1989) 

91  Mar  29 

*161 

(3)  S 

Electronic  Data  Interchange  (EDI) 

91  Mar  29 

* Approved  in  1991 
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